Security News

The Secure Boot process on almost 300 different PC motherboard models manufactured by Micro-Star International isn't secure, which is particularly problematic when "Secure" is part of the process description. Dawid Potocki, an open source security researcher and student based in New Zealand, found last month that some MSI motherboards with certain firmware versions allow arbitrary binaries to boot despite Secure Boot policy violations.

Over 290 MSI motherboards are reportedly affected by an insecure default UEFI Secure Boot setting settings that allows any operating system image to run regardless of whether it has a wrong or missing signature. Secure Boot is a security feature built into the firmware of UEFI motherboards that ensures only trusted software can execute during the boot process.

Red Balloon Security disclosed multiple, critical architectural vulnerabilities in the Siemens SIMATIC and SIPLUS S7-1500 Series PLC that allow for bypass of all protected boot features. Exploitation of these vulnerabilities could allow offline attackers to generate arbitrary encrypted firmware that are bootable on all Siemens S7-1500 series PLC CPU modules.

The US government's New Year's resolution for 2023: no more TikTok at work. In an email to members and staff Tuesday, the Committee on House Administration banned the use of TikTok from House-managed mobile devices.

Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G. The PC maker described the vulnerability as an issue that "May allow changes to Secure Boot settings by creating NVRAM variables." Credited with discovering the flaw is ESET researcher Martin Smolár, who previously disclosed similar bugs in Lenovo computers.

Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G. The PC maker described the vulnerability as an issue that "May allow changes to Secure Boot settings by creating NVRAM variables." Credited with discovering the flaw is ESET researcher Martin Smolár, who previously disclosed similar bugs in Lenovo computers.

Acer has fixed a high-severity vulnerability affecting multiple laptop models that could enable local attackers to deactivate UEFI Secure Boot on targeted systems. Attackers with high privileges can abuse it in low-complexity attacks that require no user interaction to alter UEFI Secure Boot settings by modifying the BootOrderSecureBootDisable NVRAM variable to disable Secure Boot.

Lenovo has fixed two high-severity vulnerabilities impacting various ThinkBook, IdeaPad, and Yoga laptop models that could allow an attacker to deactivate UEFI Secure Boot. UEFI Secure Boot is a verification system that ensures no malicious code can be loaded and executed during the computer boot process.

VMware has admitted an update on some versions of its Carbon Black endpoint solution is responsible for BSODs and boot loops on Windows machines after multiple organizations were affected by the problem. The problem surfaced yesterday, with threat hunter Tim Geschwindt stating on Twitter he knew of about 50 organizations struggling with the issue, and saying the Carbon Black endpoint solution was "Causing blue screens of death for devices running sensor version 3.7.0.1253".

Windows users who have installed a new KB5012170 security update for Secure Boot have encountered various issues, ranging from boots failing with BitLocker Recovery prompts to performance issues. During the August 2022 Patch Tuesday, Microsoft released the standalone KB5012170 'Security update for Secure Boot DBX' to resolve vulnerabilities found in various UEFI bootloaders that threat actors could use to bypass the Windows Secure Boot feature and execute unsigned code.