A component of Kaspersky's custom boot loader allowed untrusted UEFI modules to be loaded because their authenticity was insufficiently checked. This issue affected Kaspersky Rescue Disk and Kaspersky Endpoint Security with the Full Disk Encryption component installed.
Understanding CVE-2020-26200
This CVE highlights a vulnerability in Kaspersky products that could allow an attacker to bypass UEFI Secure Boot security.
What is CVE-2020-26200?
The vulnerability stemmed from a component in Kaspersky's custom boot loader that permitted the loading of untrusted UEFI modules without proper authenticity checks. This flaw could be exploited to bypass the UEFI Secure Boot feature.
The Impact of CVE-2020-26200
The vulnerability could be leveraged by an attacker with physical access to the computer or by a local administrator with privileges to modify the boot loader component.
Technical Details of CVE-2020-26200
This section provides more in-depth technical insights into the vulnerability.
Vulnerability Description
The vulnerability allowed the loading of untrusted UEFI modules due to inadequate authenticity checks in Kaspersky's custom boot loader.
Affected Systems and Versions
Exploitation Mechanism
To exploit this vulnerability, an attacker would need physical access to the computer or local administrator privileges to modify the boot loader component.
Mitigation and Prevention
Protecting systems from CVE-2020-26200 requires both immediate action and long-term security practices.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Ensure that Kaspersky Rescue Disk is updated to version 18.0.11.3 (patch C) or later. For Kaspersky Endpoint Security, apply the necessary updates to versions 10 SP2 MR2, 10 SP2 MR3, 11.0.0, 11.0.1, and 11.1.0 to address the vulnerability.