UEFI firmware from Microsoft, Intel, HP, Dell etc., can be at risk from nearly 20 different vulnerabilities

That is the InsydeH2O "Hardware-2-Operating System" UEFI BIOS, a software used by a series of major vendors in the computer field such as Microsoft, Intel, HP, Dell, Lenovo, Siemens, Fujitsu, etc., can be affected by more than two dozen different vulnerabilities, with ratings ranging from common to dangerous.

According to Binarly's investigation results, there are a total of 23 vulnerabilities that mainly affect System Management Mode (SMM). Information about these vulnerabilities is listed below along with their assigned security IDs.

Since these are all firmware-level vulnerabilities, successful exploitation can lead to persistent malware on the system that is almost impossible for users to completely remove.

Binarly describes the detected vulnerabilities as follows:

The majority of disclosed vulnerabilities (CVSS score: 7.5 - 8.2, high severity rating) resulted in code execution with SMM privileges. As part of the exploit chain, these vulnerabilities can be used as a second stage in a malicious process, to bypass security features or achieve long-term survival on the target system. [.]

By exploiting these vulnerabilities, attackers can successfully install malware that exists during the root of the operating system, and allows bypassing endpoint security solutions (EDRs). /AV), Secure Boot, Virtualization-Based Security.

The Binarly team first discovered these vulnerabilities on Fujitsu's LIFEBOOK notebook computers. After extensive investigation, it was quickly realized that not only Fujitsu, but also software from a variety of other manufacturers could be affected by these vulnerabilities. Cause because all are using InsydeH2O UEFI solutions.

David Pac

Update 04 February 2022