UEFI (Unified Extensible Firmware Interface) software is an interface between a device’s firmware and the operating system, which handles the booting process, system diagnostics, and repair functions.
Security researchers have discovered major flaws with the UEFI which can allow privileged access, the potential for persistent malware, and allows a threat actor to embedding malicious code in the BIOS.
An attacker with privileged user access to the targeted system can exploit the vulnerabilities to install highly persistent malware. The threat actor can bypass virtualization-based security, Secure Boot, and endpoint security solutions.
- Potential Impact: Privilege escalation, denial of service, information disclosure
- Specific Technology Affected: UEFI firmware from InsydeH2O.
- Severity: High
- Scope of Impact: Industry-wide
- Affected Vendors: There are more than 25 affected vendors, including HP, Lenovo, Fujitsu, Microsoft, Intel, Dell, Bull (Atos) and Siemens.
Want to know about how this vulnerability works, click here
Vendors have begun patching these vulnerabilities. Check your equipment vendor’s website for more information about updated information.
If you are unsure if your business is affected by this vulnerability, contact us ASAP.