
Widely used open-source bootloaders, including GRUB2 for Linux, U-Boot, and Barebox, are affected by dangerous flaws that enable attackers to run arbitrary code and take over systems. Microsoft said it used AI to uncover the flaws, saving a week’s worth of time.
Microsoft’s Threat Intelligence team disclosed 20 vulnerabilities in multiple open-source bootloaders, “impacting all operating systems relying on Unified Extensible Firmware Interface (UEFI) Secure Boot as well as IoT devices.”
A bootloader is a critical software component that runs after the system firmware, commonly known as UEFI or BIOS. Bootloaders are responsible for loading operating systems.
The discovered flaws allow hackers to execute arbitrary code, which could lead to stealthy bootkit infections and the bypass of security mechanisms such as BitLocker.
“The implications of installing such bootkits are significant, as this can grant threat actors complete control over the device, allowing them to control the boot process and operating system, compromise additional devices on the network, and pursue other malicious activities,” Microsoft warns.
While the flaws are dangerous, the exploitation scope is limited as attackers would most likely need to gain physical access to the vulnerable systems.
It's notable that the discovery of the flaws was supercharged by AI. The researchers used the Security Copilot system to identify issues in bootloader functionalities.
The researchers used the AI model to explore which functionalities in a bootloader have the most potential vulnerabilities. It identified networks, filesystems, and cryptographic signatures as the key areas of interest. The researchers then singled out and focused on filesystems.
“This approach saved our team approximately a week’s worth of time that would have otherwise been spent manually reviewing the content,” the report reads.
“Through a series of prompts, we identified and refined security issues, ultimately uncovering an exploitable integer overflow vulnerability.”
Microsoft believes that the approach shown in this example can increase the efficiency of network defenders, security researchers, and SOC analysts.
Eleven of the discovered vulnerabilities (CVEs) affect GRUB2, five CVEs affect Barebox, and the remaining four were found in U-Boot. The discovered flaws were disclosed to maintainers, and security updates were released for all the bootloaders back in February 2025.