• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
new 16 high severity uefi firmware flaws discovered in millions of

New 16 High-Severity UEFI Firmware Flaws Discovered in Millions of HP Devices

You are here: Home / General Cyber Security News / New 16 High-Severity UEFI Firmware Flaws Discovered in Millions of HP Devices
March 8, 2022

Cybersecurity scientists on Tuesday disclosed 16 new large-severity vulnerabilities in many implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting various HP company equipment.

The shortcomings, which have CVSS scores ranging from 7.5 to 8.8, have been uncovered in HP’s UEFI firmware. The wide range of devices influenced consists of HP’s laptops, desktops, issue-of-sale (PoS) systems, and edge computing nodes.

“By exploiting the vulnerabilities disclosed, attackers can leverage them to perform privileged code execution in firmware, underneath the operating procedure, and potentially provide persistent destructive code that survives functioning method re-installations and allows the bypass of endpoint security methods (EDR/AV), Protected Boot and Virtualization-Centered Security isolation,” firmware security business Binarly explained in a report shared with The Hacker Information.

✔ Approved Seller From Our Partners
Malwarebytes Premium 2022

Protect yourself against all threads using Malwarebytes. Get Malwarebytes Premium with 60% discount from a Malwarebytes official seller SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Automatic GitHub Backups

The most intense of the flaws worry a range of memory corruption vulnerabilities in the System Administration Mode (SMM) of the firmware, thus enabling the execution of arbitrary code with the highest privileges.

UEFI Firmware

Subsequent a coordinated disclosure approach with HP and CERT Coordination Middle (CERT/CC), the issues had been dealt with as portion of a collection of security updates transported in February and March 2022.

“Sad to say, most of the issues […] are repeatable failures, some of which are due to the complexity of the codebase or legacy parts that get much less security interest, but are continue to widely employed in the industry,” the scientists pointed out.

The disclosure comes a tiny in excess of a month just after Binarly publicized the discovery of 23 superior-effect vulnerabilities in Insyde Software’s InsydeH2O UEFI firmware that could be weaponized to deploy persistent malware that’s able of evading security systems.

Prevent Data Breaches

The newest conclusions are also important in light of the fact that firmware has emerged as an ever-expanding attack area for risk actors to launch hugely-qualified devastating attacks. At the very least five unique firmware malware strains have been detected in the wild to date because 2018.

“Securing the firmware layer is usually ignored, but it is a one place of failure in equipment and is a person of the stealthiest methods in which an attacker can compromise units at scale,” the U.S. Commerce and Homeland Security departments highlighted in a report posted last thirty day period.

Observed this write-up exciting? Comply with THN on Facebook, Twitter  and LinkedIn to study extra distinctive content we article.


Some areas of this report are sourced from:
thehackernews.com

Previous Post: «Cyber Security News Prison for Man Who Scammed US Government to Buy Pokémon Card
Next Post: Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday microsoft addresses 3 zero days & 3 critical bugs for march»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Sioux Falls Funds DSU Cybersecurity Lab
  • ‘CryptoRom’ Crypto-Scam is Back via Side-Loaded Apps
  • Irish Watchdog Fines Meta $19m Over Data Breach
  • Avast Merger Raises Competition Concerns
  • Linux botnet spreads using Log4Shell flaw
  • Another Destructive Wiper Targets Organizations in Ukraine
  • New “B1txor20” Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw
  • New Infinite Loop Bug in OpenSSL Could Let Attackers Crash Remote Servers
  • FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug
  • Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters

Copyright © TheCyberSecurity.News, All Rights Reserved.