Dozens of Security Flaws Discovered in UEFI Firmware Used by Several Vendors

LASER_oneXM

Level 37
Thread author
Verified
Top poster
Well-known
Feb 4, 2016
2,534
As many as 23 new high severity security vulnerabilities have been disclosed in different implementations of Unified Extensible Firmware Interface (UEFI) firmware used by numerous vendors, including Bull Atos, Fujitsu, HP, Juniper Networks, Lenovo, among others.

The vulnerabilities reside in Insyde Software's InsydeH2O UEFI firmware, according to enterprise firmware security company Binarly, with a majority of the anomalies diagnosed in the System Management Mode (SMM).

UEFI is a software specification that provides a standard programming interface connecting a computer's firmware to its operating system during the booting process. In x86 systems, the UEFI firmware is usually stored in the flash memory chip of the motherboard.

"By exploiting these vulnerabilities, attackers can successfully install malware that survives operating system re-installations and allows the bypass of endpoint security solutions (EDR/AV), Secure Boot, and Virtualization-Based Security isolation," the researchers said.
 

LASER_oneXM

Researchers from firmware protection company Binarly have discovered critical vulnerabilities in the UEFI firmware from InsydeH2O used by multiple computer vendors such as Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer.

UEFI (Unified Extensible Firmware Interface) software is an interface between a device’s firmware and the operating system, which handles the booting process, system diagnostics, and repair functions.

In total, Binarly found 23 flaws in the InsydeH2O UEFI firmware, most of them in the software's System Management Mode (SMM) that provides system-wide functions such as power management and hardware control.

SMM’s privileges exceed those of the OS kernel, so any security issues in this space can have severe consequences for the vulnerable system.

More specifically, a local or remote attacker with administrative privileges exploiting SMM flaws could perform the following tasks:

  • Invalidate many hardware security features (SecureBoot, Intel BootGuard)
  • Install persistent software that cannot be easily erased
  • Create backdoors and back communications channels to steal sensitive data
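Because the flaws sit in Insyde's InsydeH2O code rather than in one OEM's product, the practical first question for a fleet is "which of my machines run Insyde-based firmware, and at what version?" The following POSIX shell script is an added example written for this thread, not code from the article, Binarly or Insyde. It reads the SMBIOS fields the Linux kernel exposes under /sys/class/dmi/id/ and flags hosts whose BIOS vendor or version string mentions Insyde. The assumption that Insyde-based firmware reports "Insyde" in those fields is not always true: many OEMs rebrand the vendor string, so a "no" result means only that the cheap check found nothing, and the authoritative answer is the OEM's advisory for that exact model and BIOS version.

```shell
#!/bin/sh
# Added example: first-pass inventory of Insyde-based UEFI firmware on a Linux host.
# Assumes /sys/class/dmi/id/ is present (Linux on x86). The "Insyde" substring
# match is an assumption about vendor strings; OEM-rebranded firmware may not match.

# Print "yes" if a BIOS vendor/version string mentions Insyde (case-insensitive), else "no".
insyde_firmware() {
    lowered=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$lowered" in
        *insyde*) echo yes ;;
        *)        echo no ;;
    esac
}

# Read one sysfs DMI field; print "unknown" when it is absent or unreadable
# (no DMI on this platform, or the field requires root).
dmi_field() {
    f="/sys/class/dmi/id/$1"
    if [ -r "$f" ]; then
        cat "$f"
    else
        echo unknown
    fi
}

# Build the one-line record an operator would attach to a vendor ticket or
# feed into a fleet inventory: model, BIOS vendor/version/date, and the flag.
firmware_report() {
    host=${HOSTNAME:-$(uname -n)}
    sys_vendor=$(dmi_field sys_vendor)
    product=$(dmi_field product_name)
    vendor=$(dmi_field bios_vendor)
    version=$(dmi_field bios_version)
    date=$(dmi_field bios_date)
    flag=$(insyde_firmware "$vendor $version")
    printf 'host=%s sys_vendor=%s product=%s bios_vendor=%s bios_version=%s bios_date=%s insyde=%s\n' \
        "$host" "$sys_vendor" "$product" "$vendor" "$version" "$date" "$flag"
}

# Run the report only when explicitly asked, so the functions can be sourced by
# other scripts: sh inventory.sh --report
if [ "${1:-}" = "--report" ]; then
    firmware_report
fi
```

Run it with `--report` on each host and collect the lines centrally; hosts with `insyde=yes` go to the top of the patch queue, and hosts with `insyde=no` still need their `sys_vendor`/`product` checked against the OEM advisory because of the rebranding caveat above. Applying firmware updates is the only fix; the script is triage, not remediation.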
 

LASER_oneXM

HP has disclosed 16 high-impact UEFI firmware vulnerabilities that could allow threat actors to infect devices with malware that gains high privileges and remains undetectable by installed security software.
These vulnerabilities affect multiple HP models, including laptops, desktop computers, PoS systems, and edge computing nodes.

The flaws were discovered by researchers at Binarly, the same team that published another set of UEFI flaws affecting 25 computer vendors back in February.
A few days after that, the founder of Binarly presented five novel UEFI flaws impacting HP at OffensiveCon, and HP released the corresponding security update to address them.

Today, Binarly, HP, and the CERT/CC have coordinated the disclosure of the complete set of the newly discovered vulnerabilities, including 11 new vulnerabilities affecting HPE UEFI firmware.
These vulnerabilities are separated into three buckets based on the component/feature being exploited:
...
...
...
 