CVE-2020-10713 (BootHole): It’s time to patch your Linux and Windows machines, again

By Archis Gore

This week we woke up to news of a new severe buffer overflow vulnerability (CVE-2020-10713), also known as ‘BootHole’, that threatens nearly every Linux distribution as well as Windows 8 and 10. The vulnerability exists in the GRUB 2 boot loader and enables an attacker who already has access to a system to run malicious code on it. According to researchers at Eclypsium, who first wrote about the bug, what makes this vulnerability so severe is that, if exploited, an attacker could gain persistence and “near-total control” of the device. Through a globally coordinated effort by software and device vendors, a patch has been released, and users are being urged to apply the update.

However, this vulnerability was first discovered in April 2020 and was only announced this week, with the coordinated release of a patch to fix the issue. During the three-month gap between the discovery of the vulnerability and the patch release, users went unprotected and there was nothing to stop attackers. As we outlined in our Identifying the True Patch Gap whitepaper, this is not unusual, and patch gaps of over 7 years can exist.

What will be important to watch is whether end users apply this critical patch in a timely manner. Researchers found that it takes Russian nation-state hackers just 20 minutes to start attacking an unpatched system once a vulnerability is announced. Historically, a variety of issues have prevented users from applying patches in a timely way, which makes panic patching an even bigger problem. Given that vulnerabilities will always exist, it is important that organizations have a way to ensure they are protected during any patch gap, so that they can patch these vulnerabilities on their own schedule. One solution that can provide that protection in this case is Polyverse Polymorphing.

Polymorphing hardens your chosen Linux distribution by scrambling the low-level machine code to create a unique version of the operating system. This is achieved by running the source code through an advanced polymorphic compiler. The result is a Linux stack with a randomized binary makeup and resource mapping, but with absolutely no changes to how it functions, performs or operates. This novel solution makes unpatched systems impervious to 100 percent of zero-day memory exploits, as well as everything in the code-injection, overflow or memory-corruption attack categories. With Polymorphing, protect yourself from the patch gap of the next severe vulnerability that will inevitably keep you up at night.


The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.