SecOps and IT administrators have seen plenty of information regarding the GRUB2 BootHole vulnerability. In addition to BootHole, several low to moderate vulnerabilities were also discovered and fixed. While a key recommendation for mitigation is to install OS updates and patches, vendor patches should be carefully tested and incrementally applied to vulnerable assets. Updating the Secure Boot Forbidden Signature Database (dbx) has caused issues in the past. Initial GRUB2 patches from Red Hat caused boot issues for some RHEL and CentOS machines.
Being proactive about protecting your systems, networks, applications and critical data is a cornerstone of a robust, successful security program. Having a vulnerability assessment plan is a way of doing just that—proactively identifying weaknesses within your systems, so you can shore them up before attackers find and take advantage of them.