The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: UEFI Firmware

New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops

New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops

April 19, 2022Ravie Lakshmanan
Three high-impact Unified Extensible Firmware Interface (UEFI) security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices. Tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, the latter two "affect firmware drivers originally meant to be used only during the manufacturing process of Lenovo consumer notebooks," ESET researcher Martin Smolár  said  in a report published today. "Unfortunately, they were mistakenly included also in the production BIOS images without being properly deactivated," Smolár added. Successful exploitation of the flaws could permit an attacker to disable SPI flash protections or Secure Boot, effectively granting the adversary the ability to install persistent malware that can survive system reboots. CVE-2021-3970, on the other hand, relates to a case of memory corruption in the System Management Mode ( SMM
New 16 High-Severity UEFI Firmware Flaws Discovered in Millions of HP Devices

New 16 High-Severity UEFI Firmware Flaws Discovered in Millions of HP Devices

March 08, 2022Ravie Lakshmanan
Cybersecurity researchers on Tuesday disclosed 16 new high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices. The  shortcomings , which have CVSS scores ranging from 7.5 to 8.8, have been uncovered in HP's UEFI firmware. The variety of devices affected includes HP's laptops, desktops, point-of-sale (PoS) systems, and edge computing nodes. "By exploiting the vulnerabilities disclosed, attackers can leverage them to perform privileged code execution in firmware, below the operating system, and potentially deliver persistent malicious code that survives operating system re-installations and allows the bypass of endpoint security solutions (EDR/AV), Secure Boot and Virtualization-Based Security isolation," American firmware security company Binarly said in a report shared with The Hacker News. The most severe of the flaws concern a number of memory corruption vulnera
Dozens of Security Flaws Discovered in UEFI Firmware Used by Several Vendors

Dozens of Security Flaws Discovered in UEFI Firmware Used by Several Vendors

February 01, 2022Ravie Lakshmanan
As many as 23 new high severity security vulnerabilities have been disclosed in different implementations of Unified Extensible Firmware Interface ( UEFI ) firmware used by numerous vendors, including Bull Atos, Fujitsu, HP, Juniper Networks, Lenovo, among others. The vulnerabilities reside in Insyde Software's InsydeH2O UEFI firmware, according to enterprise firmware security company  Binarly , with a majority of the anomalies diagnosed in the System Management Mode ( SMM ). UEFI is a software specification that provides a standard programming interface connecting a computer's firmware to its operating system during the booting process. In x86 systems, the UEFI firmware is usually stored in the flash memory chip of the motherboard. "By exploiting these vulnerabilities, attackers can successfully install malware that survives operating system re-installations and allows the bypass of endpoint security solutions (EDR/AV),  Secure Boot , and Virtualization-Based Securit
Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks

Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks

January 21, 2022Ravie Lakshmanan
A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group ( APT41 ). Kaspersky, which codenamed the rootkit  MoonBounce ,  characterized  the malware as the "most advanced  UEFI  firmware implant discovered in the wild to date," adding "the purpose of the implant is to facilitate the deployment of user-mode malware that stages execution of further payloads downloaded from the internet." Firmware-based rootkits, once a rarity in the threat landscape, are fast becoming lucrative tools among sophisticated actors to help achieve long standing foothold in a manner that's not only hard to detect, but also difficult to remove. The first firmware-level rootkit — dubbed  LoJax  — was discovered in the wild in 2018. Since then, three different instances of UEFI malware have been unearthed so far, including  MosaicRegresso
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.