• UEFI firmware from top manufacturers has some serious issues

    From TechnologyDaily@1337:1/100 to All on Thu Jan 18 16:45:05 2024
    UEFI firmware from top manufacturers has some serious issues

    Date:
    Thu, 18 Jan 2024 16:28:34 +0000

    Description:
    Hackers abuse PixieFail flaw to install malware on hundreds of servers at once.

    FULL STORY ======================================================================

    The Unified Extensible Firmware Interface (UEFI), a set of routines that boot an operating system, carries almost a dozen vulnerabilities which, when chained together, can be used to deploy malware at firmware level.

    This is according to a new report from Quarkslab, which detailed the flaws and a proof-of-concept solution.

    The flaws were found in functions related to IPv6 and can be exploited in the Preboot Execution Environment (PXE), when configured to use IPv6. As the environment is often dubbed Pixieboot, the researchers named the vulnerability PixieFail. Pixieboot, as ArsTechnica explains, is a mechanism usually used by enterprises to boot up large numbers of devices, such as servers. In such scenarios, the OS is not located on the endpoint itself, but rather on a central server. The devices that are booting up use the Dynamic Host Configuration Protocol to look for the server and then request the OS image.

    Patches in the works

    In theory, if a person has even the slightest access to the target network (such as a low-level employee, a customer with a cloud account, or a hacker with pre-installed malware or access to customer accounts), they can use it to get the endpoints to download a malicious firmware image instead of the clean one.

    The vulnerabilities are tracked as CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, and CVE-2023-45237.

    Arm, AMI, Insyde, Phoenix Technologies, and Microsoft were all said to be vulnerable to PixieFail. The makers are currently pushing updates to their customers, ArsTechnica added, saying that some have already released their patches. AMI, for example, has released a patch, while Microsoft is currently taking appropriate action.

    Other manufacturers, including Arm, Insyde, and Phoenix, are yet to make a statement.

    While this vulnerability seems to be affecting corporate users most, some researchers are saying that even private users and regular consumers should patch up the flaw as soon as the fixes become available.
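
    An added example, not part of the article or of Quarkslab's report: because the flaws are reachable when PXE is configured to use IPv6, a defender waiting on patches may want to know which Linux hosts have an IPv6 network-boot entry enabled. The Python below parses `efibootmgr -v` output and lists boot entries whose device path contains an `IPv6(...)` node; the sample output and the function names are constructed for illustration.

```python
import re

# Constructed sample of `efibootmgr -v` output (not taken from a real host).
SAMPLE = r"""BootCurrent: 0003
Timeout: 1 seconds
BootOrder: 0004,0003,0001
Boot0001* UEFI: PXE IPv4 NIC1  PciRoot(0x0)/Pci(0x1c,0x0)/Pci(0x0,0x0)/MAC(001122334455,1)/IPv4(0.0.0.00.0.0.0,0,0)
Boot0003* ubuntu  HD(1,GPT,00000000-0000-0000-0000-000000000000,0x800,0x100000)/File(\EFI\ubuntu\shimx64.efi)
Boot0004* UEFI: PXE IPv6 NIC1  PciRoot(0x0)/Pci(0x1c,0x0)/Pci(0x0,0x0)/MAC(001122334455,1)/IPv6([::]:<->[::]:,0,0)
Boot0005  UEFI: PXE IPv6 NIC2  PciRoot(0x0)/Pci(0x1c,0x4)/Pci(0x0,0x0)/MAC(001122334466,1)/IPv6([::]:<->[::]:,0,0)
"""

# "Boot" + 4 hex digits, optional "*" (entry is active), then label and device path.
ENTRY = re.compile(r"^Boot([0-9A-Fa-f]{4})(\*?)\s+(.*)$")

def ipv6_netboot_entries(text):
    """Return boot entries whose device path has an IPv6() node (IPv6 network boot)."""
    order, found = [], []
    for line in text.splitlines():
        if line.startswith("BootOrder:"):
            order = [n.strip().upper() for n in line.split(":", 1)[1].split(",")]
            continue
        m = ENTRY.match(line)
        if m and "/IPv6(" in m.group(3):
            found.append({"num": m.group(1).upper(),
                          "active": m.group(2) == "*",
                          "desc": m.group(3)})
    for e in found:
        # Position in BootOrder (0 = tried first); None if the entry is not listed.
        e["order_pos"] = order.index(e["num"]) if e["num"] in order else None
    return found

def needs_attention(text):
    """Entry numbers that are active and listed in BootOrder, so eligible at boot."""
    return [e["num"] for e in ipv6_netboot_entries(text)
            if e["active"] and e["order_pos"] is not None]

if __name__ == "__main__":
    for e in ipv6_netboot_entries(SAMPLE):
        state = "active" if e["active"] else "inactive"
        print(e["num"], state, "order_pos=%s" % e["order_pos"])
    print("review first:", needs_attention(SAMPLE))
```

    On a real host, pass the captured output of `efibootmgr -v` to `needs_attention()` instead of `SAMPLE`.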



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/uefi-firmware-from-top-manufacturers-has-some-serious-issues


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)