• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
new 16 high severity uefi firmware flaws discovered in millions of

New 16 High-Severity UEFI Firmware Flaws Discovered in Millions of HP Devices

You are here: Home / General Cyber Security News / New 16 High-Severity UEFI Firmware Flaws Discovered in Millions of HP Devices
March 8, 2022

Cybersecurity scientists on Tuesday disclosed 16 new large-severity vulnerabilities in many implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting various HP company equipment.

The shortcomings, which have CVSS scores ranging from 7.5 to 8.8, have been uncovered in HP’s UEFI firmware. The wide range of devices influenced consists of HP’s laptops, desktops, issue-of-sale (PoS) systems, and edge computing nodes.

“By exploiting the vulnerabilities disclosed, attackers can leverage them to perform privileged code execution in firmware, underneath the operating procedure, and potentially provide persistent destructive code that survives functioning method re-installations and allows the bypass of endpoint security methods (EDR/AV), Protected Boot and Virtualization-Centered Security isolation,” firmware security business Binarly explained in a report shared with The Hacker Information.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Automatic GitHub Backups

The most intense of the flaws worry a range of memory corruption vulnerabilities in the System Administration Mode (SMM) of the firmware, thus enabling the execution of arbitrary code with the highest privileges.

UEFI Firmware

Subsequent a coordinated disclosure approach with HP and CERT Coordination Middle (CERT/CC), the issues had been dealt with as portion of a collection of security updates transported in February and March 2022.

“Sad to say, most of the issues […] are repeatable failures, some of which are due to the complexity of the codebase or legacy parts that get much less security interest, but are continue to widely employed in the industry,” the scientists pointed out.

The disclosure comes a tiny in excess of a month just after Binarly publicized the discovery of 23 superior-effect vulnerabilities in Insyde Software’s InsydeH2O UEFI firmware that could be weaponized to deploy persistent malware that’s able of evading security systems.

Prevent Data Breaches

The newest conclusions are also important in light of the fact that firmware has emerged as an ever-expanding attack area for risk actors to launch hugely-qualified devastating attacks. At the very least five unique firmware malware strains have been detected in the wild to date because 2018.

“Securing the firmware layer is usually ignored, but it is a one place of failure in equipment and is a person of the stealthiest methods in which an attacker can compromise units at scale,” the U.S. Commerce and Homeland Security departments highlighted in a report posted last thirty day period.

Observed this write-up exciting? Comply with THN on Facebook, Twitter  and LinkedIn to study extra distinctive content we article.


Some areas of this report are sourced from:
thehackernews.com

Previous Post: «Cyber Security News Prison for Man Who Scammed US Government to Buy Pokémon Card
Next Post: Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday microsoft addresses 3 zero days & 3 critical bugs for march»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • WhatsApp Unveils Proxy Support to Tackle Internet Censorship
  • Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub
  • Blind Eagle Hacking Group Targets South America With New Tools
  • US Family Planning Non-Profit MFHS Confirms Ransomware Attack
  • Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS
  • Dridex Malware Now Attacking macOS Systems with Novel Infection Method
  • Cyber attacks on UK organisations surged 77% in 2022, new research finds
  • WhatsApp to combat internet blackouts with proxy server support
  • The IT Pro Podcast: Going passwordless
  • Podcast transcript: Going passwordless

Copyright © TheCyberSecurity.News, All Rights Reserved.