Recent Phoenix UEFI firmware flaw threatens a colossal number of Intel chips, echoing BlackLotus concerns

Cannot uncover a damage: Endure in thoughts BlackLotus? A the same new vulnerability has now seemed, and it’s a long way doubtless to be the subsequent gargantuan headache for Intel-based fully fully devices, together with these based fully fully on doubtlessly the latest Raptor Lake platform. It affects the UEFI firmware, potentially giving attackers a backdoor to wreak havoc on vulnerable PCs.

The flaw (CVE-2024-0762 with a reported CVSS of seven.5) used to be chanced on in the Phoenix SecureCore UEFI firmware by cybersecurity firm Eclypsium, who acknowledged it on Lenovo ThinkPad X1 Carbon Seventh Gen and X1 Yoga 4th Gen devices. Extra investigation revealed that the vulnerability affects SecureCore firmware for a gargantuan series of Intel CPUs, together with Alder Lake, Coffee Lake, Comet Lake, Ice Lake, Jasper Lake, Kaby Lake, Meteor Lake, Raptor Lake, Rocket Lake, and Tiger Lake.

That’s every “Lake” launched so a long way, so a total bunch of devices from predominant producers equivalent to Lenovo, Dell, Acer, and HP is doubtless to be impacted.

The vulnerability is certainly a buffer overflow bug chanced on in the firmware’s Trusted Platform Module (TPM) configuration, which lets attackers escalate privileges and develop code execution inside of the UEFI firmware all the design in which thru runtime. By overwriting adjacent memory with in moderation crafted knowledge, attackers can elevate privileges and develop code execution abilities inside of the firmware, enabling them to install bootkit malware.

“To make certain, this vulnerability lies in the UEFI code facing TPM configuration – in thoroughly different words, or no longer it’s a long way no longer related whenever you procure a security chip admire a TPM if the underlying code is unsuitable,” clarifies Eclypsium.

Such low-stage exploits are turning into an increasing number of frequent in the wild, offering tainted actors with power accumulate admission to to devices and work spherical greater-stage safety measures in the OS and map layers.

UEFI firmware is frequently thought to be extra receive thanks to Stable Boot, a feature supported by up-to-the-minute working systems admire Residence windows, macOS, and Linux. But the invention of this vulnerability highlights the growing fashion of concentrating on UEFI bugs to construct malicious bootkits. These bootkits, equivalent to BlackLotus, CosmicStrand, and MosaicAggressor, load early in the UEFI boot course of, granting attackers low-stage accumulate admission to to the machine. This makes detection incredibly complicated.

In step with this discovery, Eclypsium coordinated with Phoenix and Lenovo to tackle the flaw. Lenovo has already launched firmware updates for affected devices, and customers are suggested to refer to their respective vendors for doubtlessly the latest firmware updates. On the alternative hand, it’s indispensable to scream that no longer all devices procure readily available firmware updates at the time of writing, with many planned for beginning later this 300 and sixty five days.

For these that’re an Intel user, or no longer it’s mandatory to interchange your BIOS as quickly as attainable. But sooner than diving in headfirst, be trip that to relieve up your necessary files and the fashioned BIOS, impartial in case issues shuffle sideways all the design in which thru the replace course of.

Meanwhile, Phoenix Technologies disclosed the vulnerability in Might per chance per chance well well, asserting that mitigations were launched as early as April. “Phoenix Technologies strongly recommends customers to interchange their firmware to doubtlessly the latest version and contact their hardware seller as quickly as attainable to cease any attainable exploitation of this flaw,” it stated.