Microsoft Security Copilot Uncovers Critical Bootloader Vulnerabilities

Microsoft Threat Intelligence, leveraging Microsoft Security Copilot, uncovered multiple vulnerabilities in the open-source bootloaders GRUB2, U-Boot, and Barebox, affecting systems that use UEFI Secure Boot as well as IoT devices. These vulnerabilities could allow arbitrary code execution, potentially bypassing Secure Boot and enabling the installation of persistent malware. Security Copilot significantly sped up the discovery process. Patches have been released; users are urged to update their systems.