GRUB2 Vulnerabilities - CRITICAL UPDATE Secure Boot DBX Updater for Linux, Windows and UEFI (CVE-2021-20233, CVE-2020-25632, CVE-2020-27779, CVE-2021-20225, CVE-2020-27749, CVE-2020-25647)
DESCRIPTION
HPE has released Forbidden Signature Database (DBX) updater files for Windows, Linux and UEFI which will update the DBX Secure Boot database for HPE servers to include forbidden hashes and keys from HPE. The DBX updaters will prevent vulnerable bootloaders, kernels and efi executables from running; specifically, the following vulnerabilities have been addressed: CVE-2021-20233, CVE-2020-25632, CVE-2020-27779, CVE-2021-20225, CVE-2020-27749 and CVE-2020-25647. Updating the server DBX database ensures that compromised code will not run.
https://support.hpe.com/hpesc/public/swd/detail?swItemId=MTX_892a8446116e486baf3619c0f6
Reboot Requirement:
Reboot is optional after installation. Updates will be effective after reboot. Hardware stability will be maintained without reboot.
Installation:
The smart component file, cp047412.exe, is a self-extracting executable file.
Component installation instructions
Place component in a temporary directory on a hard drive. Download cp047412.exe to a temporary directory on a system running a supported version of Microsoft Windows Server OS. By downloading this file, you are agreeing to the license terms in HPE License Agreement v1.pdf.
Verify the SHA256 hash and Authenticode digital signature (instructions are provided below)
Double-click the component filename to run the component.
In the component dialog box, click the Install button to update Secure Boot DBX on the server.
No reboot is required for the update to be effective.
