American firmware security company Binarly reported that “By exploiting the vulnerabilities disclosed, attackers can leverage them to perform privileged code execution in firmware, below the operating system, and potentially deliver persistent malicious code that survives operating system re-installations and allows the bypass of endpoint security solutions (EDR/AV), Secure Boot, and Virtualization-Based Security isolation.”
On Tuesday, researchers discovered 16 new high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface (UEFI) firmware that affect a variety of HP enterprise devices.
The researchers noted that “some of which are related to the codebase’s complexity or outdated components that receive less security attention but are still frequently utilised in the field.”
Binarly announced the discovery of 23 high-impact vulnerabilities in Insyde Software’s InsydeH2O UEFI firmware a little over a month ago, which may be used to implant persistent malware capable of circumventing security solutions.
The flaws were fixed as part of a set of security upgrades issued on February 2 and 28, 2022, following a coordinated disclosure process with HP and the CERT Coordination Center (CERT/CC).
The most serious flaws are a variety of memory corruption vulnerabilities in the firmware’s System Management Mode (SMM), which allow arbitrary code to be executed with the highest privileges.
Finally, the researchers concluded that “Securing the firmware layer is often disregarded, yet it is a single point of failure in devices and one of the stealthiest techniques in which an attacker can compromise devices at scale. The new findings are especially relevant since firmware has become an ever-expanding attack surface for threat actors to undertake highly-targeted catastrophic attacks.”