To exploit this, an attacker would need remote administrative access or physical access. In both of those scenarios you may have much bigger problems than this latest exploit.
(For example, the computer that I am on at the moment is vulnerable to this exploit but if someone has physical access to that computer, the most likely scenario is that they are stealing it and I will never see it again, rather than that they are subtly installing an exploit via
grub.cfg for further future nefarious activities on their part.)
Yes and no.
I don’t think anyone has ever said that Microsoft is the only permitted signer. Some other large, reputable player in the open source arena could step up and be an alternative.
However there is a philosophical difficulty with the entire approach i.e. you own the computer but any company is the gatekeeper for what software you can boot on your computer.
(I 100% understand that for your typical droid Windows user, implementing a trusted boot path like this is better than not doing so.)
You may be able to bypass this process by getting Microsoft to one-off sign a shim that makes no further validation before loading another executable. So you get UEFI and SecureBoot - but you get zero protection out of it.
What did you actually have in mind regarding “leverage”?