fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Fixes Secure Boot Bug Allowing Windows Rootkit Installation

Microsoft Fixes Secure Boot Bug Allowing Windows Rootkit Installation

Microsoft has fixed a security feature bypass vulnerability in Secure Boot that allows attackers to compromise the operating system’s booting process even when Secure Boot is enabled.

Secure Boot blocks untrusted operating systems bootloaders on computers with Unified Extensible Firmware Interface (UEFI) firmware and a Trusted Platform Module (TPM) chip to help prevent rootkits from loading during the OS startup process.

Rootkits can be used by threat actors to inject malicious code into a computer’s UEFI firmware, to replace the operating system’s bootloader, to replace parts of the Windows kernel, or camouflage maliciously crafted drivers are legitimate Windows drivers.

The security feature bypass flaw, tracked as CVE-2020-0689, has a publicly available exploit code that works during most exploitation attempts which require running a specially crafted application.

Also Read: Computer Misuse Act Singapore: The Truth And Its Offenses

“An attacker who successfully exploited the vulnerability might bypass secure boot and load untrusted software,” Microsoft explains.

Affected Windows versions include multiple Windows 10 releases (from v1607 to v1909), Windows 8.1, Windows Server 2012 R2, and Windows Server 2012.

How to install the security update

To block untrusted or known vulnerable third-party bootloaders when Secure Boot is toggled on, Windows devices with UEFI firmware use the Secure Boot Forbidden Signature Database (DBX).

The KB4535680 security update released by Microsoft as part of the January 2021 Patch Tuesday addresses the vulnerability by blocking known vulnerable third-party UEFI modules (bootloaders) to the DBX.

Users have to install this standalone security update in addition to the normal security update to block attacks designed to exploit this Secure Boot vulnerability.

If automatic updates are enabled on the computer, the security update will be installed automatically, without user intervention needed.

However, on systems where updates need to be installed manually, you will be required to first download KB4535680 for their platform from the Microsoft Update Catalog.

Next, you will have to make sure that a specific Servicing Stack Update is installed before deploying the standalone security update (you can find the list here).

If you also need to manually install the January 2021 Security Updates, the three updates should be installed in the following order:

  • Servicing Stack Update
  • Standalone Secure Boot Update listed in this CVE
  • January 2021 Security Update

On systems where Windows Defender Credential Guard (Virtual Secure Mode) is also enabled, installing the KB4535680 standalone update will require two additional reboots.

Microsoft also released guidance for applying Secure Boot DBX updates after the disclosure of the BootHole GRUB bootloader vulnerability in July 2020 which also allows for Secure Boot bypass.

Also Read: Personal Data Websites: 3 Things That You Must Be Informed

The company added at the time that it “plans to push an update to Windows Update to address” the BootHole vulnerability in 2021.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us