Last Updated on 03/02/2022 by Nidhi Khandelwal
A total of 23 new high-severity security flaws have been discovered in various implementations of the Unified Extensible Firmware Interface (UEFI) firmware used by a variety of vendors, including Bull Atos, Fujitsu, HP, Juniper Networks, and Lenovo.
According to corporate firmware security firm Binary, the vulnerabilities are found in Insyde Software’s InsydeH2O UEFI firmware, with the majority of the abnormalities discovered in the System Management Mode (SMM).
UEFI is a software standard that connects a computer’s firmware to its operating system during the booting process. The UEFI firmware is commonly stored in the motherboard’s flash memory chip in x86 computers.
A malicious actor could run arbitrary code with SMM permissions, a special-purpose execution mode in x86-based processors that handles power management, hardware configuration, temperature monitoring, and other functions, if the weaknesses are successfully exploited.
“SMM code executes at the highest privilege level and is invisible to the OS, making it an appealing target for malicious activity,” Microsoft notes in its documentation, adding that the SMM attack vector could be exploited by malicious code to trick higher-privilege code into performing unauthorized actions.
Worse, the flaws can be chained together to circumvent security features and install malware in a way that survives operating system re-installations and achieves long-term persistence on compromised systems — as seen in the case of MoonBounce — all while creating a stealthy communications channel to exfiltrate sensitive data.