April 3, 2025

Microsoft has its AI-powered Security Copilot discover a whole host of previously unknown vulnerabilities


  • Microsoft used Security Copilot to scan open source bootloaders for vulnerabilities
  • It discovered 20 new flaws in just a short time
  • Microsoft says the AI tool saved the company at least a week of work

Microsoft has revealed more on how its latest AI tools are proving useful for spotting code vulnerabilities and more.

The company has published a new blog post detailing how it used Security Copilot (its AI-powered cybersecurity tool) to find almost two dozen vulnerabilities in different open-source bootloaders.

In total, Microsoft found 11 flaws in GRUB2, and nine more in U-Boot and Barebox.

Remote code execution risks

GRUB2 (GRand Unified Bootloader version 2) is a bootloader used in Linux and other Unix-like operating systems to manage the boot process and load the operating system.

U-Boot (Das U-Boot) and Barebox, on the other hand, are bootloaders primarily used in embedded systems. U-Boot is a widely adopted bootloader supporting various architectures, while Barebox is an alternative designed for faster boot times and easier maintenance.

The vulnerabilities range from integer and buffer overflows to side-channel attacks and out-of-bounds reads.

Some of the flaws could be used to execute arbitrary code, Microsoft said, whereas others would need physical access to the vulnerable device, or would need the device to be infected with malware beforehand.

“While threat actors would likely require physical device access to exploit the U-boot or Barebox vulnerabilities, in the case of GRUB2, the vulnerabilities could further be exploited to bypass Secure Boot and install stealthy bootkits or potentially bypass other security mechanisms, such as BitLocker,” Microsoft said.

“The implications of installing such bootkits are significant, as this can grant threat actors complete control over the device, allowing them to control the boot process and operating system, compromise additional devices on the network, and pursue other malicious activities.”

“Furthermore, it could result in persistent malware that remains intact even after an operating system reinstallation or a hard drive replacement.”

All of the flaws now have a CVE assigned, and their severity is mostly “medium”, with one being rated “high” – 7.8/10.

This article is written by: Nermeen Nabil Khear Abdelmalak

All rights reserved to: USAGOLDMINES. www.usagoldmines.com
