New UEFI firmware vulnerabilities affect several PC vendors

nanoguy

Posts: 1,243   +24
Staff member
Why it matters: Security researchers have found that the same set of firmware vulnerabilities they discovered in Fujitsu Lifebook systems actually affect many more devices from multiple vendors. The flaws are severe as they allow attackers to bypass hardware security features as well as traditional endpoint security solutions.

Researchers at enterprise security firm Binarly have discovered no less than 23 high-impact vulnerabilities in the BIOS/UEFI firmware used by several computer vendors like Intel, AMD, Lenovo, Dell, HP, Asus, Microsoft, Fujitsu, Juniper Networks, Acer, Bull Atos, and Siemens.

Specifically, the vulnerabilities affect InsydeH2O-based UEFI firmware and many of them are present in the System Management Mode (SMM), which is responsible for providing system-wide power management and hardware control features. Most of the flaws are of the SMM Memory Corruption variety, as well as SMM Callout (Privilege Escalation) and DXE Memory Corruption.

The flaws have been evaluated as severe due to the fact that they allow attackers higher privileges than those of the OS kernel in affected systems. In other words, malware can be written to take advantage of these vulnerabilities that will easily survive operating system re-installation and evade traditional endpoint security solutions like antivirus software and managed Endpoint Detection and Response (EDR).

Furthermore, they allow local and remote attacks that can bypass or invalidate hardware security features like Secure Boot, Intel BootGuard, and Virtualization-Based Security. Malware that exploits the 23 vulnerabilities is essentially invisible to the operating system and also to firmware integrity monitoring systems because of the limitations of the Trusted Platform Module (TPM).

The good news is that Insyde has released firmware patches, and Binarly as well as the CERT/CC were able to contact all 25 vendors that are impacted by the issues they discovered. Official firmware patches are expected to roll out in the coming months, but they will most likely arrive in the second half of this year.

Permalink to story.

 

Bullwinkle M

Posts: 742   +636
Is there a tool or a list that we can use to determine if our system is affected?

"YOU" are the Tool who can determine if "YOUR" system is affected

For example;
Today is the first day in the history of EVER that I heard of some nutjob who claims he invented ZERO TRUST and is now giving "ME" the definition of Zero Trust

When I invented the Zero Trust model, I did it alone, as likely did several other people

I've never heard of this whack job before today >
https://www.zdnet.com/article/the-definition-of-modern-zero-trust/

Nobody gets to define Zero Trust except for the person who needs it, then creates a model that works for them
YOU get to define it!

We have the same problem with Patents in this Country
"We" invent something on our own, as does a thousand other people, then find out that one of those thousand people took "OUR" invention and received a Patent on what is CLEARLY a common solution to a problem that is in no way "unique" or "patentable"

Be the tool!
 
Last edited:

avioza

Posts: 247   +221

Is there a tool or a list that we can use to determine if our system is affected?

The article mentions firmware patches so I guess keep checking your Vendor site.

We have several models of Dell computers at work and will continue checking via a driver update tool as we deploy laptops. If we notice a firmware patch for this come through then we probably will try a remote deployment for the respective model if possible.

Looks like details are still being investigated though from the cert bulletin (796611): https://www.kb.cert.org/vuls/id/796611

 

Bullwinkle M

Posts: 742   +636
If we notice a firmware patch for this come through then we probably will try a remote deployment for the respective model if possible.

That is not the solution

That is the problem

Remote deployment and backdoors mandated by the criminals who prevent you from ever fixing the real problem IS THE PROBLEM!

You cannot remove the backdoors because you would need an open source system, but first eliminate the criminal enterprise mandating DRM enforcement through the courts simply to maintain their illegal Monopolies

Get the real criminals out of the way and close the backdoors!

Whenever other hackers take advantage of the backdoors, you will hear all the morons demanding they be executed

Where is the outrage for those who maintain your insecurity through the legal system to maintain an illegal Monopoly?

Is everyone stupid or do they work for the Monopolies causing the problem?
 

waclark

Posts: 548   +343
SNIP

We have the same problem with Patents in this Country
"We" invent something on our own, as does a thousand other people, then find out that one of those thousand people took "OUR" invention and received a Patent on what is CLEARLY a common solution to a problem that is in no way "unique" or "patentable"

Be the tool!

Have any examples of this? The USPTO states the following:

1. In order for your invention to qualify for patent eligibility, it must cover subject matter that Congress has defined as patentable. The USPTO defines patentable subject matter as any "new and useful" process, machine, manufacture or composition of matter. Machines or processes are patentable subject matter, but the laws of nature are not. So, you can patent a machine for sorting packages, but you can't get a patent for sunlight.

2. The invention must have a "utility," or in other words, be useful. Note that this requirement is only for utility patents (see next question, below).

3. The invention must be "novel," or new.

4. The invention must be "non-obvious," meaning its use or function can't be something that is simply the next logical step of an already patented invention. Much of the argument between the USPTO and patent applicants revolves around the issue of non-obviousness.

5. The invention must not have been "disclosed" to the public prior to the application for the patent. For example, if you've written an article describing the invention before you apply for the patent, the USPTO may deny the application because you've already disclosed the patent and therefore it's public knowledge.

Seems like #4 would prevent the scenario you describe.
 

BigRedPDX

Posts: 287   +201
Is everyone stupid or do they work for the Monopolies causing the problem?
I work for a law firm, and I'm fairly sure we are not monopolizing any market given the small size of the firm. I do, however, need to make sure every system in this place has updated firmware, and I have to be sure to minimize vulnerabilities whenever I can. I update every machine manually, but doing the work remotely isn't the problem. All work done remotely is done internally anyway or via secure VPN.
 

BobHome

Posts: 150   +60
I laughed when I read this line:
"Malware that exploits the 23 vulnerabilities is essentially invisible to the operating system and also to firmware integrity monitoring systems because of the limitations of the Trusted Platform Module (TPM)."

All the fuss about 'You can't run Windows 11 if you don't have TPM'. Yeah, right. <sigh>
 

Bullwinkle M

Posts: 742   +636
I laughed when I read this line:
"Malware that exploits the 23 vulnerabilities is essentially invisible to the operating system and also to firmware integrity monitoring systems because of the limitations of the Trusted Platform Module (TPM)."

All the fuss about 'You can't run Windows 11 if you don't have TPM'. Yeah, right. <sigh>

Yeah, I tried "WhyNotWin11" on my Sandy Bridge

It seems to think Win 11 won't work because....

No TPM
Not enough storage space on C: drive (32GB)
Secure Boot (Disabled)
GPT not detected (MBR Partition)
CPU compatibility (Not supported)
Boot Method (Legacy)

But.....
I was running Windows 11 at the time I received these results

Too Funny