Communications of the ACM
HP Patches 16 UEFI Firmware Bugs Allowing Stealthy Malware Infections
According to Binarly’s report on the vulnerabilities, most of the issues "are repeatable failures, some of which are due to the complexity of the codebase or legacy components that get less security attention, but are still widely used in the field.
Credit: Unified EFI Forum
Researchers at Binarly have discovered 16 high-impact UEFI firmware vulnerabilities affecting multiple HP models, including laptops, desktop computers, PoS systems, and edge computing nodes.
The vulnerabilities could enable hackers to infect devices with malware able to obtain high privileges and avoid detection by installed security software.
The flaws were divided into three categories: SMM Callout (Privilege Escalation), SSM (System Management Module), and DXE (Driver eXecution Environment).
The researchers said, "The active exploitation of all the discovered vulnerabilities can't be detected by firmware integrity monitoring systems due to limitations of the Trusted Platform Module (TPM) measurement."
Firmware updates have been made available through HP's BIOS upgrade portal.
From BleepingComputer
View Full Article
Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA
No entries found