Intel, Lenovo and more hit by major BIOS security flaws

UEFI firmware from the software company Insyde carries 23 flaws, many of which are critical and would allow malicious actors to persist in ...

UEFI firmware from the software company Insyde carries 23 flaws, many of which are critical and would allow malicious actors to persist in a target device, install malware, steal sensitive data, all while accessing the endpoint remotely, experts have warned.

The flaws were discovered by firmware protection company Binarly, which claims more than two dozen hardware manufacturers are affected, including top-end OEMs such as  Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer.

UEFI (Unified Extensible Firmware Interface) is a software interface that serves as a bridge between the device’s firmware and the operating system. It handles the bootup, system diagnostics, as well as some system repair features.

 High severity flaws 

Of the 23 flaws that were discovered, the majority resides in the System Management Mode (SMM), whose privileges exceed those of the OS.

The 23 flaws are tracked as: CVE-2020-27339, CVE-2020-5953, CVE-2021-33625, CVE-2021-33626, CVE-2021-33627, CVE-2021-41837, CVE-2021-41838, CVE-2021-41839, CVE-2021-41840, CVE-2021-41841, CVE-2021-42059, CVE-2021-42060, CVE-2021-42113, CVE-2021-42554, CVE-2021-43323, CVE-2021-43522, CVE-2021-43615, CVE-2021-45969, CVE-2021-45970, CVE-2021-45971, CVE-2022-24030, CVE-2022-24031, CVE-2022-24069.

Of those, three (CVE-2021-45969, CVE-2021-45970, and CVE-2021-45971) have gotten a 9.8 out of 10 severity rating.

“The root cause of the problem was found in the reference code associated with InsydeH2O firmware framework code,” Binarly’s explained.

“All of the aforementioned vendors (over 25) were using Insyde-based firmware SDK to develop their pieces of (UEFI) firmware.” 

While Insyde released firmware patches to help address the issue, these now need to be accepted by the OEMs and released onto affected products, and that might take a while. What makes the issue that much more complicated is the fact that some of the devices affected have exceeded their end-of-life date and are no longer supported. 

Others may cross that threshold before OEMs come up with a fix. 

BleepingComputer notes that only Insyde, Fujitsu, and Intel have confirmed being affected by the flaws. Rockwell, Supermicro, and Toshiba have confirmed not being impacted. The remaining OEMs are still investigating the matter.

  •  You might also want to check out our list of the best firewalls right now 

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/jT9ip3qBs
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,188,Video,5,XIAOMI,13,YouTube - 9to5Google,187,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Intel, Lenovo and more hit by major BIOS security flaws
Intel, Lenovo and more hit by major BIOS security flaws
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2022/02/intel-lenovo-and-more-hit-by-major-bios.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2022/02/intel-lenovo-and-more-hit-by-major-bios.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy