Microsoft investigates a patch breaking dual-boot PCs

Microsoft says it's investigating issues with a patch intended to plug a two-year-old flaw in the GRUB open source boot loader that is crashing some dual-boot computers running both Windows and Linux. In that crash users are aptly told: "Something went seriously wrong."

The problems began last week after Microsoft released a security update for CVE-2022-2601, a buffer overflow vulnerability in GRUB 2, a bootloader used by many Linux distributions and also present on a number of Windows machines that dual-boot. The flaw could allow rogue users or malware on a system to bypass the Secure Boot feature and load malicious code onto a computer during the startup process.

"The latest builds of Windows are no longer vulnerable to this security feature bypass using the Linux GRUB2 boot loader," the August 13 security advisory from Microsoft noted, adding the update would apply to "dual-boot systems that boot both Windows and Linux and should not affect these systems."

According to numerous forums, however, the patch did apply to these dual-boot systems and then didn't allow Linux distros to boot. As one person posted the day after the update:

In response to The Register's questions, Redmond told us that it is working with its Linux partners to fix the issue.

"This update is not applied when a Linux boot option is detected," a Microsoft spokesperson said. "We are aware that some secondary boot scenarios are causing issues for some customers, including when using outdated Linux loaders with vulnerable code. We are working with our Linux partners to investigate and address."
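The statement above hinges on whether a "Linux boot option" is present on the machine. An administrator deciding whether a dual-boot PC falls into the affected population can check the firmware boot entries themselves. The following POSIX shell script is an added example, not code from the article, Microsoft or any Linux vendor; it parses the output format of `efibootmgr -v` (a real tool, run with elevated privileges on Linux) and applies a simple heuristic to classify the machine. The sample output embedded in the script is constructed, the `linux_boot_entries` and `dual_boot_status` function names are this example's own, and the label/loader keywords it matches on are an assumption about what counts as a Linux loader, not a description of how the Windows update itself detects one.

```shell
#!/bin/sh
# Constructed sample of `efibootmgr -v` output for a Windows/Ubuntu dual-boot
# machine (not captured from a real system; device paths are abbreviated).
SAMPLE_EFIBOOTMGR='BootCurrent: 0001
Timeout: 0 seconds
BootOrder: 0001,0000,0002
Boot0000* Windows Boot Manager HD(1,GPT,...)/File(\EFI\Microsoft\Boot\bootmgfw.efi)
Boot0001* ubuntu HD(1,GPT,...)/File(\EFI\ubuntu\shimx64.efi)
Boot0002* UEFI: SanDisk PciRoot(0x0)/Pci(0x14,0x0)/USB(1,0)'

# Read efibootmgr-style text on stdin and print the Boot#### id of every entry
# whose label or loader path looks like a Linux loader. The keyword list is an
# assumption (shim/GRUB plus a few distro names), not an exhaustive rule.
linux_boot_entries() {
    grep -E '^Boot[0-9A-Fa-f]{4}' |
    grep -i -E 'shim|grub|ubuntu|fedora|debian|opensuse|linux' |
    sed -E 's/^(Boot[0-9A-Fa-f]{4}).*/\1/'
}

# Classify the machine from the same input: dual-boot, windows-only,
# linux-only, or unknown. Input is buffered once so both checks can read it.
dual_boot_status() {
    input=$(cat)
    # Count entries pointing at the Windows boot manager.
    win=$(printf '%s\n' "$input" |
          grep -c -i -E '^Boot[0-9A-Fa-f]{4}.*(Windows Boot Manager|bootmgfw)' || true)
    # Count entries the heuristic above regards as Linux loaders.
    lin=$(printf '%s\n' "$input" | linux_boot_entries | grep -c . || true)
    if [ "$win" -gt 0 ] && [ "$lin" -gt 0 ]; then
        echo dual-boot
    elif [ "$lin" -gt 0 ]; then
        echo linux-only
    elif [ "$win" -gt 0 ]; then
        echo windows-only
    else
        echo unknown
    fi
}

# Stand-alone run against the constructed sample; on a live system you would
# instead pipe real firmware data in: `efibootmgr -v | dual_boot_status`.
printf '%s\n' "$SAMPLE_EFIBOOTMGR" | linux_boot_entries
printf '%s\n' "$SAMPLE_EFIBOOTMGR" | dual_boot_status
```

A machine reported as `dual-boot` with Secure Boot enabled (`mokutil --sb-state` on Linux reports this) is the configuration the article's reports describe; a `windows-only` result means the Linux entry is absent from firmware, for example when Linux is chained from the Windows boot manager instead, and the heuristic will not see it.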

Following the Patch Tuesday push, complaints from Linux users echoed across Reddit and other websites, with one Linux Mint forum netizen suggesting this Ubuntu workaround:

So until Redmond and friends issue a formal fix, this seems to be the best course of action. ®

Microsoft Exchange Server bug under active exploit

In other Microsoft news, the US Cybersecurity and Infrastructure Security Agency (CISA) today added ProxyLogon, a three-year-old Microsoft Exchange Server information disclosure bug that allows for remote code execution, to its Known Exploited Vulnerabilities Catalog. Once exploited, an attacker can completely take over an affected Exchange Server.

The vulnerability, tracked as CVE-2021-31196, was patched back in July 2021 prior to anyone finding and exploiting the flaw in the wild. At the time, Redmond said exploitation of this bug was "less likely."

However, "that patch was bypassed multiple times, with some of those bypasses coming through ZDI," said Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative.

"Considering that this is three years old, it's disappointing to see it being exploited," Childs told The Register. "It means that despite all of our warnings about leaving unpatched Exchange servers connected to the internet, it's still occurring."

In September 2022, CISA, the National Security Agency, and the FBI, along with international law enforcement, warned that the Iranian Government's Islamic Revolutionary Guard Corps (IRGC) was actively scanning for this and other CVEs it could use to steal sensitive data and deploy ransomware.

The Register asked both CISA and Microsoft for additional details about who is currently exploiting the Exchange Server flaw, and for what purposes, and will update this if and when we receive a response.

"Microsoft must do better in its outreach to Exchange server administrators," Childs said. "Patching your front-line e-mail server shouldn't be such a challenge. Servers should not be vulnerable to three-year-old vulnerabilities. Unless Microsoft and other vendors make it easier to patch, this sort of attack will continue."

Source: theregister.com