Microsoft Security Copilot, an AI tool designed to identify security vulnerabilities, has been around since 2023. Recently, Microsoft showcased the effectiveness of Security Copilot in pinpointing real vulnerabilities.
In this latest round, vulnerabilities were discovered in open-source bootloaders: GRUB2, commonly used in Linux, and U-Boot and Barebox, both prevalent in embedded operating systems. Microsoft's Threat Intelligence team instructed Security Copilot to search for integer overflow vulnerabilities within the bootloader code. This approach replaced manual code reading by humans.
Microsoft’s team uncovered 11 vulnerabilities in GRUB2 and found interconnected vulnerabilities due to code sharing between U-Boot and Barebox. They promptly shared this information with the software development team, who released patches in mid-February 2025.
Source: Microsoft, Bleeping Computer
TLDR: Microsoft Security Copilot AI identified integer overflow vulnerabilities in GRUB2’s code.