Akukho nto ingaqhelekanga, idrama zero ... Kodwa enye ifunyenwe Ukuba sesichengeni, i-CVE-2020-10713, echaphazela i-GRUB2 bootloader kunye ne-Boot ekhuselekileyo. Upapasho lweqela lophando lwe-Eclypsium lelona belisemva koku kufunyanwa kwaye babhaptize njengeBootHole. Nditsho noMicrosoft upapashe ungeniso kwisilumkiso sayo sokhuseleko kunye nokubanga ukuba kukho isisombululo esimbaxa ngalo mzuzu.
IBootHole Kukungakhuseleki okuchaphazelayo okuchaphazela iibhiliyoni zezixhobo ezineGRUB2 kunye nezinye ngaphandle kweGRUB2 ezisebenzisa iBoot ekhuselekileyo enje ngeWindows. Kuhlelo lweCVSS kufunyenwe amanqaku njenge-8.2 ngaphandle kwe-10, oko kuthetha ukuba ngumngcipheko omkhulu. Kwaye umhlaseli angathatha ithuba loku ukuze akwazi ukwenza ikhowudi yokuchasana (kubandakanya ne-malware) eyazisiweyo ngexesha lenkqubo yokuqalisa, nokuba ikhuselekile iBoot.
Kakhulu zixhobo iinethiwekhi, iiseva, iindawo zokusebenzela, iidesktops kunye neelaptops, kunye nezinye izixhobo ezinje ngee-SBCs, izixhobo ezithile eziphathwayo, izixhobo ze-IoT, njl.
Ngapha koko, ngokwe-Eclypsium, iya kuba njalo Kunzima ukunciphisa kwaye kuya kuthatha ixesha ukufumana isisombululo. Kuya kufuna uphononongo olunzulu lwe-bootloaders kwaye abathengisi kufuneka bakhuphe iinguqulelo ezintsha ze-bootloaders ezisayinwe yi-UEFI CA. Izakuthatha iinzame ezilungelelanisiweyo phakathi kwabaphuhlisi kumthombo ovulekileyo weMicrosoft kunye noluntu oluhlanganyelweyo kunye nabanye abanini benkqubo abachaphazelekayo ukuthoba iBootHole.
Ngapha koko, benze ifayile ye- ukwenza uluhlu ukuze ukwazi ukulungisa iBootHole kwiGRUB2 kwaye kufuneka:
- Ipatch yokuhlaziya i-GRUB2 kunye nokuphelisa ubungozi.
- Ukuba abaphuhlisi bokunikezelwa kweLinux kunye nabanye abathengisi bakhupha uhlaziyo lwabasebenzisi babo. Zombini kwinqanaba le-GRUB2, i-installers kunye ne-shims.
- I-shims ezintsha kufuneka zisayinwe yi-Microsoft UEFI CA kubantu besithathu.
- Abalawuli beenkqubo zokusebenza kuya kufuneka bahlaziye. Kodwa kufuneka ibandakanye zombini inkqubo efakiweyo, imifanekiso yokufaka kunye nokubuyisa okanye ukuqala imithombo yeendaba abayenzileyo.
- Uluhlu lwe-UEFI Revocation List (dbx) luyakufuna kwakhona ukuhlaziywa kwi-firmware yenkqubo nganye echaphazelekayo ukunqanda ukwenziwa kwekhowudi ngexesha lokuqalisa.
Eyona nto imbi kukuba xa kufikwa kwi-firmware, kufuneka ulumke kwaye ulumke ungagqibi neengxaki kwaye iikhompyuter zihlala kwimowudi yezitena.
Okwangoku, iinkampani ezinje ngeRed Hat, i-HP, iDebian, iSUSE, iCanonical, iOracle, iMicrosoft, iVMWare, iCitrix, iQela leMpendulo yoKhuseleko ye-UEFI kunye nee-OEMs, kunye nabanikezeli besoftware, sele besebenza ukuyisombulula. Nangona kunjalo, kuya kufuneka silinde ukuze sibone iipatches zokuqala.
QAPHELA
Kodwa ukujongela phantsi ukusebenza kwabaphuhlisi kunye noluntu kuya kuba bubudenge. Sele kukho abaviwa abambalwa beepatch ukunciphisa oko kuvela kwiinkampani ezinjengeRed Hat, iCanonical, njl. Bawubhalile lo mbandela njengeyona nto iphambili kwaye iyahlawula.
Ingxaki? Ingxaki kukuba ezi patches zibangela ezinye iingxaki. Indikhumbuza ngento eyenzekileyo ngeMetldown kunye neSpecter patches, ngamanye amaxesha iyeza libi kunesi sifo ...