New Phoenix UEFI firmware flaw threatens a amount of Intel chips, echoing BlackLotus concerns

Can’t diagram shut a rupture: Be aware BlackLotus? A identical contemporary vulnerability has now looked, and it might maybe be the next noteworthy headache for Intel-basically based fully units, including those in step with the most modern Raptor Lake platform. It affects the UEFI firmware, potentially giving attackers a backdoor to wreak havoc on weak PCs.

The flaw (CVE-2024-0762 with a reported CVSS of 7.5) was once came upon within the Phoenix SecureCore UEFI firmware by cybersecurity agency Eclypsium, who diagnosed it on Lenovo ThinkPad X1 Carbon seventh Gen and X1 Yoga 4th Gen units. Further investigation published that the vulnerability affects SecureCore firmware for a broad vary of Intel CPUs, including Alder Lake, Espresso Lake, Comet Lake, Ice Lake, Jasper Lake, Kaby Lake, Meteor Lake, Raptor Lake, Rocket Lake, and Tiger Lake.

That’s every “Lake” launched to this level, so many of of units from predominant manufacturers equivalent to Lenovo, Dell, Acer, and HP might maybe maybe well well be impacted.

The vulnerability is truly a buffer overflow bug came upon within the firmware’s Depended on Platform Module (TPM) configuration, which lets attackers escalate privileges and develop code execution at some level of the UEFI firmware all the blueprint by blueprint of runtime. By overwriting adjoining memory with in moderation crafted knowledge, attackers can elevate privileges and develop code execution abilities at some level of the firmware, enabling them to put in bootkit malware.

“To make certain, this vulnerability lies within the UEFI code handling TPM configuration – in other words, it doesn’t topic while you hang got a security chip like a TPM if the underlying code is wrong,” clarifies Eclypsium.

Such low-stage exploits are changing into increasingly popular within the wild, offering heinous actors with persistent access to units and the technique to work around elevated-stage safety measures within the OS and tool layers.

UEFI firmware is continuously concept of as more staunch thanks to Proper Boot, a characteristic supported by contemporary working methods like Windows, macOS, and Linux. But the discovery of this vulnerability highlights the rising pattern of targeting UEFI bugs to compile malicious bootkits. These bootkits, equivalent to BlackLotus, CosmicStrand, and MosaicAggressor, load early within the UEFI boot course of, granting attackers low-stage access to the system. This makes detection incredibly refined.

Basically basically based on this discovery, Eclypsium coordinated with Phoenix and Lenovo to deal with the flaw. Lenovo has already launched firmware updates for affected units, and potentialities are educated to boom to their respective vendors for the most modern firmware updates. On the opposite hand, it is some distance excessive to show that no longer all units hang available within the market firmware updates on the time of writing, with many planned free of charge up later this twelve months.

At the same time as you are an Intel user, or no longer it is an necessary to change your BIOS as quickly as conceivable. But old to diving in headfirst, be obvious to aid up your necessary recordsdata and the fashioned BIOS, upright in case issues race sideways all the blueprint by blueprint of the change course of.

Within the period in-between, Phoenix Applied sciences disclosed the vulnerability in Might maybe perhaps simply, asserting that mitigations were launched as early as April. “Phoenix Applied sciences strongly recommends potentialities to change their firmware to the most modern version and make contact with their hardware dealer as quickly as conceivable to prevent any likely exploitation of this flaw,” it said.