UEFI firmware vulnerabilities affecting Fujitsu, Intel and more discovered

From zdnet.com

Researchers have discovered 23 “high-impact vulnerabilities” affecting any vendors that adopted Independent BIOS Developers (IBV) code into their Unified Extensible Firmware Interface (UEFI) firmware.

Binarly explained the vulnerabilities in a blog post this week, confirming that “all these vulnerabilities are found in several of the major enterprise vendor ecosystems” including Fujitsu, Siemens, Dell, HP, HPE, Lenovo, Microsoft, Intel and Bull Atos. CERT/CC confirmed that Fujitsu, Insyde and Intel were affected but left the others tagged as “unknown,” urging anyone affected to update to the latest stable version of firmware.

According to the blog, the majority of the disclosed vulnerabilities lead to code execution with System Management Mode (SMM) privileges and had severity ratings between 7.5 and 8.2.
