Stated differently, these scenarios include:
- Acquiring the ability to compromise a server or perform an adversary-in-the-middle impersonation of it to target a device that’s already configured to boot using HTTP
- Already having physical access to a device or gaining administrative control by exploiting a separate vulnerability.
While these hurdles are steep, they’re by no means impossible, particularly the ability to compromise or impersonate a server that communicates with devices over HTTP, which is unencrypted and requires no authentication. These particular scenarios could prove useful if an attacker has already gained some level of access inside a network and is looking to take control of connected end-user devices. These scenarios, however, are largely remedied if servers use HTTPS, the variant of HTTP that requires a server to authenticate itself. In that case, the attacker would first have to forge the digital certificate the server uses to prove it’s authorized to provide boot firmware to devices.
The ability to gain physical access to a device is also difficult and is widely regarded as grounds for considering it to be already compromised. And, of course, already obtaining administrative control through exploiting a separate vulnerability in the operating system is hard and allows attackers to achieve all kinds of malicious objectives.
That said, obtaining the ability to execute code during the boot process, before the main operating system starts, constitutes a major escalation of whatever access an attacker already has. It means the attacker can neutralize many forms of endpoint protection designed to detect compromises. As such, the attack allows for the installation of a bootkit, the term for malware that runs prior to the OS. Unlike many bootkits, however, the one created by exploiting CVE-2023-40547 won’t survive the wiping or reformatting of a hard drive.
Garrett explained:
In theory this shouldn’t give an attacker the ability to compromise the firmware itself, but in reality it gives them code execution before ExitBootServices (the handoff between the firmware still running the hardware and the OS taking over) and that means a much larger attack surface against the firmware—the usual assumption is that only trusted code is running before ExitBootServices. I think this would still be called a boot kit—it’s able to modify the OS bootloader and kernel before execution. But it wouldn’t be fully persistent (if you wipe the disk it’d be gone).
Fixing the vulnerability involves more than just excising the buffer overflow from the shim code. It also requires updating the secure boot mechanism to revoke vulnerable bootloader versions. That, in turn, raises some level of risk. Paul Asadoorian, principal security evangelist at Eclypsium and author of the blog post that raised awareness of the vulnerability, explained:
