In a recent development, the maintainers of shim, a critical software component that serves as the first-stage bootloader on UEFI systems, have disclosed a critical vulnerability with their latest release, 15.8. Tracked as CVE-2023-40547, the flaw carries a CVSS score of 9.8 and poses a serious threat to the security of major Linux distributions. Discovered and reported by Bill Demirkapi of the Microsoft Security Response Center (MSRC), the vulnerability opens the possibility of remote code execution and a Secure Boot bypass. The flaw, present in every Linux boot loader signed in the past decade, has raised concerns about its far-reaching impact.
Details of CVE-2023-40547
The core issue lies in shim's http boot support and was brought to light by Alan Coopersmith of Oracle. The flaw opens the door to a controlled out-of-bounds write primitive when HTTP responses are processed. In essence, it can lead to a Secure Boot bypass, potentially allowing adversaries to execute privileged code remotely and compromise the entire system. Eclypsium, a security firm, traced the root of the flaw to HTTP protocol handling, which leads to an out-of-bounds write that can result in complete system compromise.
In a hypothetical exploitation scenario, attackers could leverage this flaw to load a compromised shim boot loader, facilitating Man-in-the-Middle (MiTM) attacks on the network. The severity of the flaw is underscored by the fact that it extends to every Linux boot loader signed in the past decade, indicating a significant impact on a large number of systems.
Additional Shim Vulnerabilities
Shim version 15.8 not only addresses CVE-2023-40547 but also fixes five additional vulnerabilities, each with its own potential consequences. These flaws include out-of-bounds reads and writes, overflows, and issues related to the handling of Authenticode and Secure Boot Advanced Targeting (SBAT) data.
Immediate Response from Major Linux Distributions
Recognizing the gravity of the situation, major Linux distributions such as Debian, Red Hat, SUSE, and Ubuntu have promptly issued advisories on these security flaws. Users are urged to update their systems to the latest shim version to mitigate the risks associated with these vulnerabilities.
Detection and Similar Threats
Detection names for malware exploiting these vulnerabilities have not yet been widely disclosed. However, given the nature of the Shim RCE vulnerability, security experts recommend monitoring network traffic for suspicious HTTP requests and payloads. Similar threats that exploit bootloader vulnerabilities may include attacks on firmware, UEFI, or other critical components of the boot process.
Removal Guide
Given the nature of the vulnerabilities addressed in shim version 15.8, a comprehensive removal guide is essential. Follow these steps to ensure that any threat is fully removed:
- Update: Immediately update the shim component to version 15.8 or later using the official repositories for your Linux distribution.
- Verify System Integrity: Check the integrity of system files and bootloader components using the tools provided by your Linux distribution.
- Network Monitoring: Monitor network traffic for any suspicious HTTP requests or payloads that may indicate an ongoing attack.
- Apply Security Patches: Regularly check for and apply the security patches provided by your Linux distribution to ensure ongoing protection.
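For the update step above, a version check against the fixed release 15.8, as an added example that is not part of the original article or of any distribution's tooling. The function names are hypothetical, the sample strings are constructed, and the package version layouts it parses (`epoch:`, `upstream-revision`, `wrapper+upstream-revision`) are assumptions about how a distribution labels its shim package.

```sh
#!/bin/sh
# Added example: classify a shim package version against the fixed release 15.8.
FIXED=15.8

# Pull the upstream shim version out of a package version string (assumed layouts).
upstream_version() {
    v=${1#*:}        # drop an epoch such as "1:"
    v=${v%%-*}       # drop the packaging revision after the first '-'
    v=${v##*+}       # wrapper packages: keep what follows the last '+'
    printf '%s\n' "$v"
}

# version_ge A B: succeed when dotted numeric version A >= B.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
    done
    return 0
}

# Print "patched", "vulnerable" or "unknown" for one package version string.
shim_status() {
    up=$(upstream_version "$1")
    # Anything that is not a clean dotted number is reported, not guessed at.
    case $up in ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;; esac
    if version_ge "$up" "$FIXED"; then echo patched; else echo vulnerable; fi
}

# Constructed sample version strings (not taken from any advisory).
for sample in 15.8 15.7-1 15.8-2.el9 1.40+15.7-1 1.58+15.8-0ubuntu1 1:15.10-3 garbage; do
    printf '%-22s %s\n' "$sample" "$(shim_status "$sample")"
done
```

The comparison looks only at the upstream version number, so the distribution's own advisory remains the authority on whether a given package build carries the fixes. A result of `unknown` means the string did not parse and should be checked by hand.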
Best Practices for Prevention
To prevent future infections and strengthen the overall security of your system, consider the following best practices:
- Regular Updates: Keep your operating system, bootloader, and all installed software up to date with the latest security patches.
- Network Segmentation: Use network segmentation to limit the impact of an attack and prevent lateral movement within the network.
- User Education: Teach users the importance of avoiding suspicious links, attachments, and websites to reduce the risk of falling victim to social engineering attacks.
- Firmware Security: Regularly update and secure firmware components to address potential vulnerabilities in the underlying hardware.
Conclusion
The Shim RCE vulnerability poses a serious threat to the security of Linux systems, and its potential impact on a large number of machines calls for immediate action. By following the removal guide and adopting the best practices for prevention, users can protect their systems against this critical threat and maintain a strong defensive posture in the face of evolving security challenges.