Source URL: https://www.theregister.com/2024/08/21/microsoft_patch_dual_boot/
Source: The Register
Title: Microsoft’s Patch Tuesday borks dual-boot Linux-Windows PCs
Feedly Summary: Plus: Three-year-old ProxyLogon flaw added to CISA’s exploited bugs list
Microsoft says it’s investigating issues with a patch intended to plug a two-year-old flaw in the GRUB open source boot loader that is crashing some dual-boot computers running both Windows and Linux. In that crash users are aptly told: “Something went seriously wrong.”…
AI Summary and Description: Yes
Summary: Microsoft is addressing a security patch for a GRUB vulnerability that caused boot failures on dual-boot systems. Concurrently, the US CISA warns of ongoing exploitation of an old vulnerability in Microsoft Exchange Server, highlighting the risk to administrators who have not applied security updates in a timely manner.
Detailed Description:
The article covers two significant incidents involving Microsoft’s security patching and vulnerabilities, both relevant to infrastructure and software security.
– **GRUB Vulnerability (CVE-2022-2601)**:
  – This is a two-year-old buffer overflow flaw in GRUB 2, a widely used bootloader for Linux and certain Windows systems.
  – The vulnerability could enable attackers or malware to bypass the Secure Boot feature, allowing malicious code to load during system startup.
  – Microsoft released a patch, but it inadvertently caused some dual-boot systems (Windows and Linux) to crash.
  – Users reported that systems displayed an error message: “Something went seriously wrong.”
  – Microsoft is collaborating with Linux partners to resolve the issue and improve the update’s compatibility with dual-boot configurations.
– **Microsoft Exchange Server Vulnerability (CVE-2021-31196)**:
  – This information disclosure bug in Exchange Server allows remote code execution and has been listed in CISA’s Known Exploited Vulnerabilities Catalog.
  – Although a patch was released in July 2021, exploitation of this vulnerability has been confirmed, raising concerns about the security practices of administrators.
  – Threat experts expressed disappointment that a three-year-old vulnerability is still being exploited.
  – Recent warnings from CISA, the NSA, and the FBI highlighted that state-sponsored actors, specifically from Iran, are scanning for this and similar vulnerabilities to exploit.
Key Insights:
– The ongoing issues highlight the importance of timely patch management and the need for transparent communication between software vendors and system administrators.
– There is a call for better practices in securing systems against known vulnerabilities, particularly for critical servers like Microsoft Exchange.
– The incidents emphasize the need for organizations to prioritize security updates to mitigate potential threats effectively.
In practical terms, security professionals should take the following actions:
– Regularly review and apply patches to software and systems, especially for known vulnerabilities.
– Stay informed about security advisories from organizations like Microsoft and CISA.
– Implement redundant security measures, such as monitoring and incident response planning, to protect against exploitation of existing vulnerabilities.