Microsoft Using AI to Uncover Critical Bootloader Vulnerabilities
securityweek
Researchers in Microsoft’s threat intelligence team say they are using AI technologies to uncover security vulnerabilities in popular open-source bootloaders, including GRUB2, U-boot, and Barebox.
Using its Security Copilot tool, the Microsoft team pinpointed at least 20 critical vulnerabilities in open-source bootloaders (including GRUB2, U-boot, and Barebox) that are used in UEFI Secure Boot systems and widely deployed in embedded and IoT devices.
“The vulnerabilities found in the GRUB2 bootloader (commonly used as a Linux bootloader) and U-boot and Barebox bootloaders (commonly used for embedded systems), could allow threat actors to gain and execute arbitrary code,” the company said.
The research project, which combined static code analysis, fuzzing, and AI-driven prompts, saved the research team nearly a week’s worth of manual effort. The company said the AI tool not only flagged potential issues but also helped pinpoint specific vulnerabilities that could be exploited to override critical security mechanisms.
Redmond’s ...