In a recent disclosure, the maintainers of shim, a critical component that serves as the first-stage bootloader on UEFI systems, revealed a critical security flaw with the release of their latest version, 15.8. Tracked as CVE-2023-40547, the vulnerability carries a CVSS score of 9.8 and poses a serious threat to the security of major Linux distributions. Discovered and reported by Bill Demirkapi of the Microsoft Security Response Center (MSRC), the flaw introduces the potential for code execution and a Secure Boot bypass. The vulnerability, present in every Linux bootloader signed in the past decade, has raised concern over how widespread its impact may be.
Details of CVE-2023-40547
The critical vulnerability resides in shim's HTTP boot support and was publicly disclosed by Alan Coopersmith of Oracle. The flaw opens the door to a controlled out-of-bounds write primitive when shim processes HTTP responses. In short, it can lead to a Secure Boot bypass, allowing adversaries to execute code remotely and compromise the entire system. Eclypsium, a firmware security company, traced the root of the vulnerability to HTTP protocol handling, which leads to an out-of-bounds write that can result in complete system compromise.
In a hypothetical exploitation scenario, attackers could leverage this flaw to load a compromised shim boot loader, facilitating a Man-in-the-Middle (MiTM) attack on the network. The severity of the vulnerability is underscored by the fact that it extends to every Linux bootloader signed in the past decade, implying a significant impact across a wide range of systems.
Additional Shim Vulnerabilities
Shim version 15.8 not only addresses CVE-2023-40547 but also fixes five other vulnerabilities, each with its own set of consequences. These include out-of-bounds reads and writes, buffer overflows, and issues related to the handling of authenticode and Secure Boot Advanced Targeting (SBAT) information.
Prompt Response from Major Linux Distributions
Recognizing the severity of the situation, major Linux distributions such as Debian, Red Hat, SUSE, and Ubuntu promptly issued advisories regarding these flaws. Users are strongly urged to update their systems to the latest shim version to mitigate the potential risks associated with these vulnerabilities.
Detection and Similar Threats
Detection names for malware exploiting this vulnerability have yet to be publicly released. However, given the nature of the Shim RCE vulnerability, security experts recommend monitoring network traffic for suspicious HTTP requests and payloads. Similar threats that exploit bootloader weaknesses may include attacks on firmware, UEFI, or other critical components of the boot process.
Removal Guide
Given the nature of the vulnerability addressed in shim version 15.8, a comprehensive removal guide is essential. Follow these steps to ensure thorough removal of potential threats:
- Update Shim: Promptly update the shim component to version 15.8 or later using your Linux distribution's official repositories.
- Check System Integrity: Verify the integrity of system files and bootloader components using the tools provided by your Linux distribution.
- Network Monitoring: Monitor network traffic for any suspicious HTTP requests or payloads that may indicate an ongoing attack.
- Apply Security Patches: Regularly check for and apply the security patches provided by your Linux distribution to ensure continued protection.
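For the "Update Shim" step across more than one machine, the following is an added example (not part of the original article or any distribution's tooling): a small Python audit that reads a constructed host/package/version inventory and flags hosts whose shim is older than 15.8. The inventory format and the package version strings are assumptions; a distribution may also backport fixes under an older version number, so treat "outdated" as a prompt to check the vendor advisory.

```python
import re

FIXED = (15, 8)  # shim release the article names as carrying the fixes

# Constructed sample inventory (host, package, package version), in the shape
# you might collect with dpkg-query or rpm; none of it is real data.
SAMPLE_INVENTORY = """\
web01 shim-signed 1.51.3+15.7-0ubuntu1
web02 shim-signed 1.58+15.8-0ubuntu1
db01 shim-x64 15.6-1.el9
db02 shim-x64 1:15.8-2.el9
build01 shim-unsigned 15.4-7
edge01 shim-x64 unknown
"""


def upstream_shim_version(pkg_version):
    """Return the upstream shim (major, minor) from a package version, or None."""
    v = pkg_version.split(":", 1)[-1]   # drop an epoch such as "1:"
    v = v.rsplit("-", 1)[0]             # drop the distro revision
    # Wrapper packages use "<wrapper version>+<shim version>"; take the last
    # "+"-separated part that starts with a digit.
    parts = [p for p in v.split("+") if p[:1].isdigit()]
    m = re.match(r"(\d+)(?:\.(\d+))?", parts[-1]) if parts else None
    return (int(m.group(1)), int(m.group(2) or 0)) if m else None


def audit(inventory):
    """Map each host to 'patched', 'outdated' or 'unknown'."""
    result = {}
    for line in inventory.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue                      # skip malformed lines
        host, _package, version = fields
        parsed = upstream_shim_version(version)
        if parsed is None:
            result[host] = "unknown"      # needs a manual look
        else:
            result[host] = "patched" if parsed >= FIXED else "outdated"
    return result


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```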
Best Practices for Prevention
To prevent future infections and improve the overall security of your system, consider the following best practices:
- Always keep your operating system, bootloader, and all installed software up to date with the latest security patches.
- Network Segmentation: Implement network segmentation to limit the impact of potential attacks and prevent lateral movement within the network.
- User Education: Educate users on the importance of avoiding suspicious links, attachments, and websites to reduce the risk of falling victim to social engineering attacks.
- Firmware Security: Regularly update and secure firmware components to address potential vulnerabilities in the underlying hardware.
Conclusion
The Shim RCE vulnerability poses a serious threat to the security of Linux systems, and its potential to affect a wide range of systems demands prompt action. By following the removal guide provided and adopting the best prevention practices, users can harden their systems against cyber threats and maintain a strong defensive posture in the face of security challenges.