Security researchers disclosed over a dozen serious vulnerabilities affecting UEFI firmware. Threat actors could use the bugs to deploy malware and remain undetected.
Researchers at Binarly announced they’d discovered 16 new high-severity vulnerabilities in various implementations of UEFI firmware.
The vulnerabilities affect multiple HP enterprise devices such as laptops, desktops, point-of-sale systems, and edge computing nodes.
Binarly claims to have cooperated with HP and CERT teams on the disclosure, and HP patched the vulnerabilities.
However, the discovery is particularly dangerous because several of the discovered vulnerabilities work within System Management Mode (SMM) and the Driver Execution Environment (DXE).
SMM and DXE are activated before the operating system, meaning that any vulnerabilities exploited in these components exceed OS privileges and can bypass virtually all protections.
In theory, a threat actor could breach the system completely undetected, consistently deploy malware, and even survive operating system re-installation while bypassing Secure Boot and Virtualization-Based Security isolation.
According to Binarly’s report on the vulnerabilities, the active exploitation of all the discovered vulnerabilities can’t even be detected by firmware monitoring systems.
“The remote device health attestation solutions will not detect the affected systems due to the design limitations in visibility of the firmware runtime,” claim the authors of the report.
“Binarly believes that the lack of a knowledge base of common firmware exploitation techniques and primitives related to UEFI firmware makes these failures repeatable for the entire industry,” said Alex Matrosov, Founder and CEO at Binarly.