Intel-powered computers affected by serious firmware flaw (CVE-2024-0762)
A vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI, which runs on various Intel processors, could be exploited locally to escalate privileges and run arbitrary code within the firmware during runtime.
“This type of low-level exploitation is typical of firmware backdoors (e.g., BlackLotus) that are increasingly observed in the wild,” Eclypsium researchers noted.
“Such implants give attackers ongoing persistence within a device and often, the ability to evade higher-level security measures running in the operating system and software layers.”
About CVE-2024-0762
The vulnerability is related to an unsafe call to the GetVariable UEFI service, which could lead to an exploitable stack buffer overflow condition.
“To be clear, this vulnerability lies in the UEFI code handling [Trusted Platform Module] configuration—in other words, it doesn’t matter if you have a security chip like a TPM if the underlying code is flawed,” the researchers noted.
The vulnerability was discovered on two Lenovo ThinkPad laptops but Phoenix Technologies has confirmed that it affects multiple versions of its SecureCore firmware, running on various Intel processor families: Alder Lake, Coffee Lake, Comet Lake, Ice Lake, Jasper Lake, Kaby Lake, Meteor Lake, Raptor Lake, Rocket Lake, and Tiger Lake. You can be sure that Lenovo’s laptops are not the only vulnerable computers our there.
Phoenix has implemented mitigations in its UEFI earlier this year, and Lenovo has pushed out BIOS updates for its affected devices. Other vendors are sure to follow in their footsteps – if they haven’t already. Users are advised to check vendor websites for the latest firmware updates.
There is currently no mention of in-the-wild exploitation. In truth, widespread exploitation exploitation may be difficult. “The possibility of exploitation depends on the configuration and permission assigned to the TCG2_CONFIGURATION variable, which could be different for every platform,” according to the researchers.
source: HelpNetSecurity
Free security scan for your website
Top News:
Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)
November 18, 2024CWE top 25 most dangerous software weaknesses
November 21, 2024Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
November 21, 2024Hackers now use AppDomain Injection to drop CobaltStrike beacons
August 24, 2024