According to recent reports, the UEFI/BIOS-based assaults bypass security safeguards and remain through drive formatting and system re-installations, and attackers can exploit the flaws remotely.
Binary security researchers found 23 high-impact vulnerabilities in BIOS/UEFI software from a variety of system vendors, including Intel, Microsoft, Lenovo, Dell, Fujitsu, HP, HPE, Siemens, and Bull Atos (via Bleeping Computer). SMM Callout or Privilege Escalation, SMM Memory Corruption, and DXE Memory Corruption are among the vulnerabilities.
The MoonBounce malware, which lurks in your BIOS chip, made headlines last week, but Binarly’s disclosure suggests a wide spectrum of UEFI vulnerabilities that may be used to install malware or even fresh tainted firmware packages.
These flaws have a significant impact since they allow attackers to circumvent security mechanisms like Secure Boot, Virtualization-Based Security (VBS), and even Trusted Platform Modules (TPM). The flaws in the UEFI not only allow malware to be put on the machine, but they also allow malware to survive operating system reinstallations, making malware almost undetected and indestructible.
Binary discovered that the problem causing all of these flaws was linked to InsydeH20, a firmware framework code used to create motherboard BIOSes/UEFIs. For motherboard development, all of the appropriate suppliers were using Insyde’s firmware SDK.
Binary launched the inquiry after discovering many recurrent irregularities on twenty distinct enterprise equipment, including Fujitsu’s Lifebook notebooks. However, as Binary dug deeper into the issue, it discovered that a large number of other OEMs were experiencing similar issues.
Binary reported the concerns to the CERT/CC, a Vulnerability Notes Database that provides details about software vulnerabilities, as soon as they were discovered. Both the CERT/CC and Binary were successful in contacting all 25 affected vendors.
If you’re concerned about getting infected, there will be a means to see if your machine has been infected with these exploits. Binary created FwHunt, a piece of software that detects susceptible code patterns. However, for the time being, the rules are concealed and will be released via GitHub once the security warning is made public.
Binary, claims that by leveraging the VINCE platform to communicate with different vendors/parties, they were able to cut the security fix time down to 5 months. As a result, we can anticipate formal firmware updates in the second half of 2022.
also read:
Google reports tremendous growth of its quarterly sales surpassing all previous forecasts
