Navigating the BootHole Mitigation Process
This event qualifies for * CPEs
Eclypsium researchers recently disclosed an arbitrary code execution vulnerability in the GRUB2 bootloader that can bypass Unified Extensible Firmware Interface (UEFI) and OS Secure Boot, impacting other OS defenses. In this webinar, John Loucaides, VP of Research & Development at Eclypsium, will help government agencies understand how to navigate the complex process of mitigating the GRUB2 BootHole vulnerability - without inadvertently making systems unusable or breaking enterprise disaster recovery processes.
Why is this a concern?
Attackers exploiting this vulnerability can install persistent and stealthy bootkits or malicious bootloaders that could give them control over the victim device. While Windows does not use GRUB, the fact that UEFI-based computers 'trust' the vulnerable version of GRUB makes it possible for a Windows boot process to be compromised by this vulnerability. The impact includes public/private cloud instances, data center servers, end-user desktops/laptops, and Linux-based OT / IoT devices.
The National Security Agency has released a Cybersecurity Advisory (CSA) on the BootHole vulnerability (CVE-2020-10713), indicating that it poses a risk to a majority of Linux distributions and systems running on Windows 8 or later versions. That includes those on National Security Systems, Department of Defense (DoD) systems, as well as the Defense Industrial Base (DIB).
Join us to learn more about how to safely mitigate this vulnerability!
Speaker and Presenter Information
John Loucaides, VP of Research & Development, Eclypsium
Relevant Government Agencies
DOD & Military, Dept of Homeland Security, Other Federal Agencies, Federal Government, State & Local Government
Event Type
On-Demand Webcast
This event has no exhibitor/sponsor opportunities
Cost
Complimentary: $ 0.00
Website
Click here to visit event website
Event Sponsors
Eclypsium
Organizer
Eclypsium Government Team at Carahsoft