1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Microsoft has its AI-powered Security Copilot discover a whole ho

    From TechnologyDaily@1337:1/100 to All on Tuesday, April 01, 2025 13:45:08
    Microsoft has its AI-powered Security Copilot discover a whole host of previously unknown vulnerabilities

    Date:
    Tue, 01 Apr 2025 12:32:00 +0000

    Description:
    Almost two dozen new vulnerabilities were found by Security Copilot across different open source bootloaders.

    FULL STORY ======================================================================Microsof t used Security Copilot to scan open source bootloaders for vulnerabilities
    It discovered 20 new flaws in just a short time Microsoft says the AI tool saved the company at least a week of work

    Microsoft has revealed more on how its latest AI tools are proving useful spotting code vulnerabilities and more.

    The company has published a new blog post detailing how it used Security Copilot (its AI-powered cybersecurity tool) to find almost two dozen vulnerabilities in different open-source bootloaders.

    In total, Microsoft found 11 flaws in GRUB2, and nine more in U-Boot and Barebox.

    Monitor your credit score with TransUnion starting at $29.95/month

    TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnions advanced risk assessment tools.

    Preferred partner ( What does this mean? ) View Deal Remote code execution risks

    GRUB2 (GRand Unified Bootloader version 2) is a bootloader used in Linux and other Unix-like operating systems to manage the boot process and load the operating system.

    U-Boot (Das U-Boot) and Barebox, on the other hand, are bootloaders primarily used in embedded systems. U-Boot is a widely adopted bootloader supporting various architectures, while Barebox is an alternative designed for faster boot times and easier maintenance.

    The vulnerabilities span from integer and buffer overflows, to side-channel attacks and out-of-bounds read vulnerabilities.

    Some of the flaws could be used to execute arbitrary code, Microsoft said, whereas others would need physical access to the vulnerable device, or would need the device to be infected with malware beforehand.

    "While threat actors would likely require physical device access to exploit the U-boot or Barebox vulnerabilities, in the case of GRUB2, the vulnerabilities could further be exploited to bypass Secure Boot and install stealthy bootkits or potentially bypass other security mechanisms, such as BitLocker," Microsoft said.

    "The implications of installing such bootkits are significant, as this can grant threat actors complete control over the device, allowing them to
    control the boot process and operating system, compromise additional devices on the network, and pursue other malicious activities."

    "Furthermore, it could result in persistent malware that remains intact even after an operating system reinstallation or a hard drive replacement."

    All of the flaws now have a CVE assigned, and their severity is mostly
    medium, with one being rated high - 7.8/10. You might also like Massive
    online data breach sees 2.7 billion records leaked - here's what we know
    We've rounded up the best password managers Take a look at our guide to the best authenticator app



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-has-used-its-ai-powered-secur ity-copilot-to-discover-a-whole-host-of-previously-unknown-vulnerabilities


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)