Microsoft Uses Security Copilot to Identify 20 Flaws in Open-Source Bootloaders

Microsoft found the vulnerabilities in the GRUB2, U-Boot, and Barebox bootloaders.

Written by Akash Dutta, Edited by David Delima | Updated: 2 April 2025 19:32 IST

Highlights
  • GRUB2 is the default bootloader for many Linux-based systems
  • U-Boot and Barebox bootloaders are typically used in embedded systems
  • Microsoft discovered 11 security flaws in the GRUB2 bootloader

Microsoft Security Copilot, an artificial intelligence (AI) cybersecurity tool, was used to discover several previously unknown vulnerabilities in open-source bootloaders. The Redmond-based tech giant recently revealed a list of the security flaws discovered in three commonly used bootloaders. One of the bootloaders is the default for many Linux-based systems, while the other two are typically used for embedded systems and Internet of Things (IoT) devices. Notably, Microsoft has informed the bootloader maintainers about the vulnerabilities, and they have released security updates to fix them.

Microsoft Showcases Its AI System's Vulnerability Discovery Process

In a blog post, Microsoft detailed the discovery process and extent of risk with these vulnerabilities. The company used Security Copilot, an AI-powered security analysis tool that can assist in protecting organisations from threat actors as well as discovering security flaws. These vulnerabilities were detected in GRand Unified Bootloader (GRUB2), U-Boot, and Barebox, commonly used bootloaders for operating systems and devices.

GRUB2 is the default bootloader for many Linux-based systems, whereas U-Boot and Barebox are generally seen in embedded systems and IoT devices. Notably, a bootloader is a small program that runs before the operating system (OS) starts. It is responsible for loading the OS into memory and initiating the boot process.

By using AI, Microsoft Threat Intelligence discovered 11 vulnerabilities in GRUB2, including issues like integer overflows, buffer overflows, and a cryptographic side-channel flaw. These security flaws could allow threat actors to bypass the Unified Extensible Firmware Interface (UEFI) Secure Boot, which is designed to prevent unauthorised code from running during the boot process.

Security Copilot also discovered nine vulnerabilities in U-Boot and Barebox. These were primarily buffer overflows affecting the handling of file systems such as SquashFS, EXT4, CramFS, and JFFS2, as well as symlinks. Notably, a threat actor would need physical access to the device to exploit these flaws; however, the security risk still exists.

In the case of GRUB2, Microsoft explained that the vulnerabilities could be exploited by attackers to install stealthy bootkits remotely. This is concerning, as such bootkits can persist even after reinstalling the operating system or replacing the hard drive.

The teams behind GRUB2, U-Boot, and Barebox have already released security updates in February to address these vulnerabilities. Users are advised to update their systems to the latest versions to protect themselves from potential cyberattacks.
