Kwisityhilelo samva nje, abaphuhlisi be-shim, icandelo elibalulekileyo elisebenza njengenqanaba lokuqala lokulayishwa kwe-boot kwiinkqubo ze-UEFI, badize isiphene esibalulekileyo sokhuseleko kuguqulelo lwabo lwamva nje, i-15.8. Ukulandelwa njenge-CVE-2023-40547, obu buthathaka buthwala amanqaku e-CVSS ye-9.8, ebeka isoyikiso esibalulekileyo kukhuseleko losasazo olukhulu lwe-Linux. Ifunyaniswe yaza yaxelwa nguBill Demirkapi weMicrosoft Security Response Centre (MSRC), isiphene sazisa ukwenzeka kokwenziwa kwekhowudi ekude kunye noKhuseleko lweBoot bypass. Obu buthathaka, bukhoyo kuyo yonke i-Linux bootloader esayinwe kwiminyaka elishumi edlulileyo, iphakamise inkxalabo malunga nefuthe layo elibanzi.
Iinkcukacha ze-CVE-2023-40547
Ubuthathaka obubalulekileyo buhlala kwinkxaso ye-shim ye-http kwaye yaziswa ekukhanyeni ngu-Alan Coopersmith wase-Oracle. Esi siphene sivula umnyango wokubhala ngaphandle kwemida elawulwayo xa kusetyenzwa iimpendulo zeHTTP. Ngokwenyani, inokukhokelela kuKhuseleko lweBoot yokugqitha, okunokuvumela abachasi ukuba benze ikhowudi ekude kwaye balahle inkqubo yonke. I-Eclypsium, i-firmware ye-firmware yokhuseleko, ibonise imvelaphi yobuthathaka kwi-HTTP yokuphatha iprotocol, ekhokelela ekubhaleni ngaphandle kwemida enokuthi ibangele inkqubo epheleleyo yokulalanisa.
Kwimeko yokuxhaphaza okucingelwayo, abahlaseli banokunyusa esi siphene ukulayisha i-shim boot loader, ukuququzelela ukuhlaselwa kweMan-in-the-Middle (MiTM) kwinethiwekhi. Ubuzaza bobu buthathaka bugxininiswa yinto yokuba idlula kuyo yonke i Linux isilayishi sesiqalo esisayinwe kwiminyaka elishumi edlulileyo, ebonisa impembelelo ebalulekileyo enokubakho kuluhlu olubanzi lweenkqubo.
Ubuthathaka obongezelelweyo beShim
Inguqulo ye-Shim 15.8 ayithethi kuphela nge-CVE-2023-40547 kodwa iphinda ilungise ubuthathaka obongezelelweyo obuhlanu, nganye ineseti yayo yeziphumo ezinokuthi zibekho. Obu buthathaka bubandakanya ukufunda nokubhala okungaphandle kwemida, ukuphuphuma kwe-buffer, kunye nemiba enxulumene nokuphathwa kwe-authenticode kunye nolwazi oluKhuselekileyo lwe-Boot Advanced Targeting (SBAT).
Iimpendulo ezikhawulezayo ezivela kuLuhlu lweLinux oluKhulu
Ukuqonda ubunzima bemeko, ukuhanjiswa okukhulu kweLinux okunje ngeDebian, iRed Hat, iSUSE, kunye noBuntu bakhuphe ngokukhawuleza iingcebiso malunga nezi mpazamo zokhuseleko. Abasebenzisi bayabongozwa ngamandla ukuba bahlaziye iinkqubo zabo kuguqulelo lwamva nje lweshim ukunciphisa imingcipheko enokubakho eyayanyaniswa nobo bubuthathaka.
Ukufunyanwa kunye Nezoyikiso ezifanayo
Amagama okuchongwa kwe-malware asebenzisa obu buthathaka asazakubhengezwa ngokubanzi. Nangona kunjalo, ngenxa yobume be-Shim RCE sesichengeni, iingcali zokhuseleko zincoma ukubeka iliso kwi-traffic yenethiwekhi yezicelo ezikrokrelayo ze-HTTP kunye nokuhlawulwa. Izoyikiso ezifanayo ezisebenzisa ubuthathaka be-bootloader zinokubandakanya uhlaselo kwi-firmware, i-UEFI, okanye ezinye izinto ezibalulekileyo zenkqubo yokuqalisa.
Isikhokelo sokuSusa
Ngenxa yobume bobuthathaka obubhekiswe kwi-shim version 15.8, isikhokelo esibanzi sokususa sibalulekile. Landela la manyathelo ukuqinisekisa ukususwa ngokupheleleyo kwazo naziphi na izoyikiso ezinokubakho:
- Hlaziya Shim: Ngokukhawuleza uhlaziye icandelo le-shim kuguqulelo lwe-15.8 okanye kamva usebenzisa iindawo zokugcina ezisemthethweni kunikezelo lwakho lweLinux.
- Jonga imfezeko yeNkqubo: Qinisekisa imfezeko yeefayile zesixokelelwano kunye namalungu e-bootloader usebenzisa izixhobo ezinikezwe lusasazo lweLinux.
- Ukubeka iliso kwinethiwekhi: Lawula itrafikhi yenethiwekhi yazo naziphi na izicelo ze-HTTP ezikrokrelayo okanye umthwalo onokuthi ubonise uhlaselo oluqhubekayo.
- Faka iiPatches zoKhuseleko: Jonga rhoqo kwaye usebenzise iipetshi zokhuseleko ezibonelelwa lusasazo lweLinux yakho ukuqinisekisa ukhuseleko oluqhubekayo.
IiNdlela eziGqwesileyo zoThintelo
Ukuthintela usulelo lwexesha elizayo kunye nokuphucula imeko yokhuseleko jikelele yenkqubo yakho, qwalasela ezi ndlela zilandelayo:
- Uhlaziyo lwarhoqo: Gcina inkqubo yakho yokusebenza, i-bootloader, kunye nayo yonke isoftware efakiweyo isexesheni kunye neendawo zokhuseleko zamva nje.
- Ukwahlulahlula kweNethiwekhi: Ukuphumeza ulwahlulo lwenethiwekhi ukunciphisa impembelelo yokuhlaselwa okunokwenzeka kunye nokuthintela ukunyakaza kwecala ngaphakathi kwenethiwekhi.
- Imfundo yabasebenzisi: Ukufundisa abasebenzisi ngokubaluleka kokuphepha amakhonkco akrokrelayo, izincamatheliso, kunye newebhusayithi ukunciphisa umngcipheko wokuba lixhoba lohlaselo lobunjineli bezentlalo.
- Ukhuseleko lweFirmware: Hlaziya rhoqo kwaye ukhusele amacandelo e-firmware ukujongana nobuthathaka obunokubakho kwi-hardware ephantsi.
isiphelo
Ubuthathaka beShim RCE bubeka isoyikiso esibalulekileyo kukhuseleko lweenkqubo zeLinux, kwaye impembelelo yayo enokubakho kuluhlu olubanzi lweenkqubo ifuna inyathelo elikhawulezileyo. Ngokulandela isikhokelo sokususa esibonelelweyo kunye nokuphunyezwa kweendlela ezilungileyo zokuthintela, abasebenzisi banokuqinisa iinkqubo zabo ngokuchasene nesi sisongelo esibalulekileyo se-cyber kunye nokugcina ukhuseleko oluzinzileyo xa bejongene nemingeni yokhuseleko eguqukayo.