Security News

Three high-impact Unified Extensible Firmware Interface security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices. Tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, the latter two "Affect firmware drivers originally meant to be used only during the manufacturing process of Lenovo consumer notebooks," ESET researcher Martin Smolár said in a report published today.

Lenovo has published a security advisory on vulnerabilities that impact its Unified Extensible Firmware Interface loaded on at least 100 of its laptop models. A total of three security issues were discovered, two of them allowing an attacker to disable the protection for the SPI flash memory chip where the UEFI firmware is stored and to turn off the UEFI Secure Boot feature, which ensures the system loads at boot time only code trusted by the Original Equipment Manufacturer.

Lenovo has published a security advisory on vulnerabilities that impact its Unified Extensible Firmware Interface loaded on at least 100 of its laptop models. A total of three security issues were discovered, two of them allowing an attacker to disable the protection for the SPI flash memory chip where the UEFI firmware is stored and to turn off the UEFI Secure Boot feature, which ensures the system loads at boot time only code trusted by the Original Equipment Manufacturer.

Cybersecurity researchers on Tuesday disclosed 16 new high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface firmware impacting multiple HP enterprise devices. The shortcomings, which have CVSS scores ranging from 7.5 to 8.8, have been uncovered in HP's UEFI firmware.

HP has disclosed 16 high-impact UEFI firmware vulnerabilities that could allow threat actors to infect devices with malware that gain high privileges and remain undetectable by installed security software. SSM. CVE-2021-23924: heap buffer overflow leading to arbitrary code execution.

Researchers from firmware protection company Binarly have discovered critical vulnerabilities in the UEFI firmware from InsydeH2O used by multiple computer vendors such as Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer. UEFI software is an interface between a device's firmware and the operating system, which handles the booting process, system diagnostics, and repair functions.

As many as 23 new high severity security vulnerabilities have been disclosed in different implementations of Unified Extensible Firmware Interface firmware used by numerous vendors, including Bull Atos, Fujitsu, HP, Juniper Networks, Lenovo, among others. The vulnerabilities reside in Insyde Software's InsydeH2O UEFI firmware, according to enterprise firmware security company Binarly, with a majority of the anomalies diagnosed in the System Management Mode.

A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group. Kaspersky, which codenamed the rootkit MoonBounce, characterized the malware as the "Most advanced UEFI firmware implant discovered in the wild to date," adding "The purpose of the implant is to facilitate the deployment of user-mode malware that stages execution of further payloads downloaded from the internet."

Kaspersky researchers have uncovered the third known case of a firmware bootkit in the wild. Having first appeared in the wild in the spring of 2021, MoonBounce demonstrates a sophisticated attack flow, with evident advancement in comparison to formerly reported UEFI firmware bootkits.

The attack models are for drives with flex capacity features and target a hidden area on the device called over-provisioning, which is widely used by SSD makers these days for performance optimization on NAND flash-based storage systems. One attack modeled by researchers at Korea University in Seoul targets an invalid data area with non-erased information that sits between the usable SSD space and the over-provisioning area, and whose size depends on the two.