Many PC vendors have a serious problem on their hands. A security researcher has found a UEFI BIOS bug that can be exploited to disable firmware write-protection. Meaning that anyone who is smart enough to exploit what Dmytro Oleksiuk posted on Github can do this:
disable flash write protection and infect platform firmware, disable Secure Boot, [and] bypass Virtual Secure Mode (Credential Guard, etc.) on Windows 10 Enterprise.
Meaning, they can put their own code into the BIOS firmware before the Windows 10 OS boots and pwn the computer completely. That’s just delightful.
Lenovo is at the top of this list and they have an advisory out that the vulnerable came from an upstream BIOS vendor. That means that it is likely that other vendors getting BIOS software from the same company will also be vulnerable. Not only that, there’s this little tidbit:
The package of code with the SMM vulnerability was developed on top of a common code base provided to the IBV by Intel. Importantly, because Lenovo did not develop the vulnerable SMM codeand is still in the process of determining the identity of the original author, it does not know its originally intended purpose. But, as part of the ongoing investigation, Lenovo is engaging all of its IBVs as well as Intel to identify or rule out any additional instances of the vulnerability’s presence in the BIOS provided to Lenovo by other IBVs, as well as the original purpose of the vulnerable code.
That paragraph gives one the impression that this was an intentional back door that was created for who knows what purpose. That’s not good and you can be sure that people at PC manufacturers world wide are scrambling to make sure that computers that they have sold and are currently selling do not get pwned.
Oh, in case you were wondering. There currently is no fix for this. Lovely.
Like this:
Like Loading...
Related
This entry was posted on July 4, 2016 at 8:23 am and is filed under Commentary with tags Lenovo. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
A Potential Back Door Into Many PCs Has Vendors Scrambling
Many PC vendors have a serious problem on their hands. A security researcher has found a UEFI BIOS bug that can be exploited to disable firmware write-protection. Meaning that anyone who is smart enough to exploit what Dmytro Oleksiuk posted on Github can do this:
disable flash write protection and infect platform firmware, disable Secure Boot, [and] bypass Virtual Secure Mode (Credential Guard, etc.) on Windows 10 Enterprise.
Meaning, they can put their own code into the BIOS firmware before the Windows 10 OS boots and pwn the computer completely. That’s just delightful.
Lenovo is at the top of this list and they have an advisory out that the vulnerable came from an upstream BIOS vendor. That means that it is likely that other vendors getting BIOS software from the same company will also be vulnerable. Not only that, there’s this little tidbit:
The package of code with the SMM vulnerability was developed on top of a common code base provided to the IBV by Intel. Importantly, because Lenovo did not develop the vulnerable SMM codeand is still in the process of determining the identity of the original author, it does not know its originally intended purpose. But, as part of the ongoing investigation, Lenovo is engaging all of its IBVs as well as Intel to identify or rule out any additional instances of the vulnerability’s presence in the BIOS provided to Lenovo by other IBVs, as well as the original purpose of the vulnerable code.
That paragraph gives one the impression that this was an intentional back door that was created for who knows what purpose. That’s not good and you can be sure that people at PC manufacturers world wide are scrambling to make sure that computers that they have sold and are currently selling do not get pwned.
Oh, in case you were wondering. There currently is no fix for this. Lovely.
Share this:
Like this:
Related
This entry was posted on July 4, 2016 at 8:23 am and is filed under Commentary with tags Lenovo. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.