23 vulnerabilities identified in UEFI firmware affecting millions of computers from leading manufacturers

Cybersecurity specialists at Binarly have identified 23 "serious vulnerabilities" affecting all vendors using Insyde Software's Unified Extensible Firmware Interface (UEFI) developer code.

Binarly's official announcement notes that “Issues have been identified across several large enterprise vendor ecosystems,” including Fujitsu, Siemens, Dell, HP, HPE, Lenovo, Microsoft, Intel, and Bull Atos.

The vulnerabilities were found in InsydeH2O UEFI code and are rated from 7.5 to 8.2 in severity on a ten-point scale. By exploiting the problems the experts identified, attackers will be able to inject malicious code into devices and gain privileged access to the system. As a result, attackers will be able to disable the computer's hardware security features (Secure Boot, Intel Boot Guard) and create backdoors to steal confidential data.

Insyde Software has announced the development of a patch that fixes the problems. Users of home computers who do not update their motherboard firmware should not worry about the identified vulnerabilities, since physical access to the device is required to carry out an attack. The problem primarily affects the corporate sector. Experts note that corporate computers from manufacturers such as Fujitsu, Siemens, Dell, HP, HPE, Lenovo, Microsoft, Intel and Bull Atos can be infected with malware through the identified vulnerabilities.

Source: BleepingComputer