62
Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability
(www.theregister.com)
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Enjoy!
Yeah, it actually looks like Ubuntu leaves the module signing key accessible to root on the filesystem:
https://wiki.ubuntu.com/UEFI/SecureBoot#Security_implications_in_Machine-Owner_Key_management
So root access basically gives you kernel access, if you just sign a malicious kernel module with the MOK.