There’s a Hole in the Boot vulnerability (Boot Hole) and detection with PowerShell

LomM 41 Reputation points
2020-08-14T06:24:58.783+00:00

Hello,

Microsoft has given guidelines on how to detect if your system is affected by this vulnerability. Guide:

https://support.microsoft.com/fi-fi/help/4575994/microsoft-guidance-for-applying-secure-boot-dbx-update

"You can do this (detect if your system is vulnerable) by running the following line of PowerShell from an administrative PowerShell session:

[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Microsoft Corporation UEFI CA 2011'  

However, nowhere is it stated what the PowerShell should return. It would be logical that if you get a match your system IS vulnerable. If I run this code on my computer I only get:

[Image: 17665-boothole.png]

Get-SecureBootUEFI help says: If the variable does not exist, this cmdlet displays the following: Variable is currently undefined.

Could someone clarify? Does this mean my computer is NOT affected? Also, it would be great if you could update the guide to be more clear.

//LomM

Windows 10 Security

Accepted answer
  1. Hannah Xiong 6,251 Reputation points
    2020-08-17T08:57:55.393+00:00

    Hello,

    Thank you so much for posting here.

    As you mentioned, the Get-SecureBootUEFI cmdlet gets the UEFI variable values related to Secure Boot which are: SetupMode, SecureBoot, KEK, PK, SignatureDatabase (DB), and forbidden SignatureDatabase (DBX).

    If the variable does not exist, this cmdlet displays the following:
    Variable is currently undefined.

    According to my research, to check whether our PC is vulnerable to BootHole, we could run the command. If we get a return of "True", then our PC is vulnerable. But no more information about this could be found. Nowhere is it described what this output (Variable is currently undefined) means or what could be done with this output.

    Here is some information we would like to share with you. Hope it could be of some help to you.
    https://answers.microsoft.com/en-us/windows/forum/all/microsoft-guidance-for-applying-secure-boot-dbx/d0b9c235-6ed0-4be8-a497-b33eb750d814?auth=1

    https://www.tomsguide.com/news/boothole-hack-windows-linux

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    Thank you so much for your understanding and support.

    Best regards,
    Hannah Xiong
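
Added example (not part of the original thread or of Microsoft's guidance): a PowerShell wrapper around the one-liner quoted in the question that reports each outcome separately, including the "Variable is currently undefined" case, instead of a bare True/False. The function name `Test-UefiCa2011InDb` and its `State` values are hypothetical; it assumes an elevated session on the machine being checked.

```powershell
# Added example. Function name and State values are hypothetical.
# Run from an elevated PowerShell session on the machine being checked.
function Test-UefiCa2011InDb {
    [CmdletBinding()]
    param(
        # Search string taken from the one-liner quoted in the question.
        [string]$CaName = 'Microsoft Corporation UEFI CA 2011'
    )
    $r = [ordered]@{ State = $null; SecureBootEnabled = $null; DbBytes = 0; Detail = $null }

    # Confirm-SecureBootUEFI raises an error on platforms without UEFI Secure Boot
    # support (and when not elevated); record the message and stop.
    try {
        $r.SecureBootEnabled = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
    } catch {
        $r.State  = 'SecureBootQueryFailed'
        $r.Detail = $_.Exception.Message
        return [pscustomobject]$r
    }

    # Read the allowed-signature database (db). Assumption: the page does not say
    # whether "Variable is currently undefined" arrives as an error or as plain
    # output, so both paths are handled.
    try {
        $db = Get-SecureBootUEFI -Name db -ErrorAction Stop
    } catch {
        $r.State  = 'DbUnreadable'
        $r.Detail = $_.Exception.Message
        return [pscustomobject]$r
    }
    if (-not $db.Bytes) {
        $r.State  = 'DbUnreadable'
        $r.Detail = "No byte content returned: $db"
        return [pscustomobject]$r
    }

    # Same test as the one-liner: decode db as ASCII and look for the CA name.
    $r.DbBytes = $db.Bytes.Length
    $text = [System.Text.Encoding]::ASCII.GetString($db.Bytes)
    if ($text -match [regex]::Escape($CaName)) { $r.State = 'CaPresentInDb' } else { $r.State = 'CaNotInDb' }
    return [pscustomobject]$r
}

Test-UefiCa2011InDb | Format-List
```

`CaPresentInDb` means only that the firmware's allowed-signature database contains that CA name; `DbUnreadable` means the check could not be performed, and is not the same as a non-match.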

