UEFI (Unified Extensible Firmware Interface) software is an interface between a device’s firmware and the operating system, which handles the booting process, system diagnostics, and repair functions.

Security researchers have discovered major flaws with the UEFI which can allow privileged access, the potential for persistent malware, and allows a threat actor to embedding malicious code in the BIOS.

An attacker with privileged user access to the targeted system can exploit the vulnerabilities to install highly persistent malware. The threat actor can bypass virtualization-based security, Secure Boot, and endpoint security solutions.

  • Potential Impact: Privilege escalation, denial of service, information disclosure
  • Specific Technology Affected: UEFI firmware from InsydeH2O.
  • Severity: High
  • Scope of Impact: Industry-wide
  • Affected Vendors: There are more than 25 affected vendors, including HP, Lenovo, Fujitsu, Microsoft, Intel, Dell, Bull (Atos) and Siemens.

Want to know about how this vulnerability works, click here

Vendors have begun patching these vulnerabilities. Check your equipment vendor’s website for more information about updated information.

If you are unsure if your business is affected by this vulnerability, contact us ASAP.

author avatar
US Service Center Your Business technology Partner
Established in 2002, we are celebrating our 20th Anniversary. US Service Center specializes in wide range of services, including tailored, fully managed IT services and solutions for small and medium businesses and their owners. We are committed to providing each and every one of our clients with high quality service and support. Our unique IT team is incredibly friendly and can help you every step of the way in growing your business.
See Full Bio
social network icon social network icon social network icon social network icon social network icon