Security Feature Bypass in GRUB - CVE-2020-15705ID: oval:org.secpod.oval:def:90554 | Date: (C)2023-06-26 (M)2024-05-03 |
Class: VULNERABILITY | Family: windows |
Security Feature Bypass in GRUB. Microsoft is aware of a vulnerability in the GRand Unified Boot Loader (GRUB). This vulnerability, known as "There's a Hole in the Boot", could allow for Secure Boot bypass. To exploit this vulnerability, an attacker would need to have administrative privileges or physical access on a system where Secure Boot is configured to trust the Microsoft Unified Extensible Firmware Interface (UEFI) Certificate Authority (CA). The attacker could install an affected GRUB and run arbitrary boot code on the target device. After successfully exploiting this vulnerability, the attacker could disable further code integrity checks thereby allowing arbitrary executables and drivers to be loaded onto the target device.
Platform: |
Microsoft Windows 10 |
Microsoft Windows 11 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2012 |
Microsoft Windows Server |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2022 |