UEFI Firmware Used by Many Vendors Has Dozens of Security Flaws

UEFI Firmware Used by Many Vendors Has Dozens of Security Flaws

Short News:-

Vulnerabilities in InsydeH2O UEFI firmware are found in a number of different devices from Bull Atos, Fujitsu, HP, Juniper, Lenovo, and many others. Vulnerabilities can be chained together to bypass security features and install malware. They can also create a communications channel to exfiltrate sensitive data, as was observed in MoonBounce.

Detailed News:- 

The FwHunt detection for all the problems with the firmware on Fujitsu devices is shown below.

High severity security vulnerabilities have been discovered in a number of different UEFI-enabled devices, including those from Bull Atos; Fujitsu; HP; Juniper; Lenovo; and many others.

As reported by Binarly, the vulnerabilities are found in the InsydeH2O UEFI firmware of Insyde Software and are mainly found in System Management Mode (SMM).

the firmware and operating system are linked through UEFI, which is a standard software specification that provides a standard programming interface for computers. It is common for the UEFI firmware to be stored in the motherboard's flash memory.

While the SMM attack vector can be used to trick another piece of malicious code into performing unauthorized actions, Microsoft notes in its documentation that "SMM code executes in the highest privilege level and is invisible to the OS, which makes it an attractive target for malicious activity.

If that wasn't bad enough, the weaknesses can be chained together to bypass security features, install malware, and achieve long term persistence on compromised systems, as seen in the case of MoonBounce, while also creating a communications channel to exfiltrate sensitive data, as was observed in the case of MoonBounce.

As part of the coordinated disclosure process, Insyde has released firmware patches that address these issues. However, the fact that the software is used by several OEM implementations means that it may take some time for the fixes to actually reach affected devices.

Malware can be successfully installed by exploiting these flaws, which allow attackers to bypass endpoint security solutions (EDR/AV), Secure Boot, and Virtualization-Based Security isolation," the researchers said in a statement.

A malicious actor could run arbitrary code with SMM permissions, a special-purpose execution mode in x86-based processors that handles power management, hardware configuration, thermal monitoring, and other functions if the vulnerabilities are successfully exploited (CVSS scores: 7.5 - 8.2).