62
Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability
(www.theregister.com)
this post was submitted on 12 Mar 2024
62 points (93.1% liked)
cybersecurity
3155 readers
1 users here now
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Community Rules
- Be kind
- Limit promotional activities
- Non-cybersecurity posts should be redirected to other communities within infosec.pub.
Enjoy!
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Yeah, it actually looks like Ubuntu leaves the module signing key accessible to root on the filesystem:
https://wiki.ubuntu.com/UEFI/SecureBoot#Security_implications_in_Machine-Owner_Key_management
So root access basically gives you kernel access, if you just sign a malicious kernel module with the MOK.