Skip to main content

UEFI firmware vulnerabilities affect at least 25 PC vendors

 



Researchers from firmware protection company Binarly have discovered critical vulnerabilities in the UEFI firmware from InsydeH2O used by multiple computer vendors such as Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer.

More specifically, a local or remote attacker with administrative privileges exploiting SMM flaws could perform the following tasks:

  • Invalidate many hardware security features (SecureBoot, Intel BootGuard)
  • Install persistent software that cannot be easily erased
  • Create backdoors and back communications channels to steal sensitive data

Comments