Intel Chips Vulnerable To New Critical UEFI Vulnerability

Cybersecurity researchers have recently disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware, impacting multiple families of Intel Core desktop and mobile processors. This vulnerability, tracked as CVE-2024-0762 and carrying a CVSS score of 7.5, poses significant security risks that need to be understood and mitigated.

What is The Threat?

CVE-2024-0762, also known as "UEFIcanhazbufferoverflow," is a buffer overflow vulnerability resulting from the use of an unsafe variable in the Trusted Platform Module (TPM) configuration. This flaw allows a local attacker to escalate privileges and execute malicious code within the UEFI firmware during runtime.

According to supply chain security firm Eclypsium, "This type of low-level exploitation is typical of firmware backdoors (e.g., BlackLotus) that are increasingly observed in the wild. Such implants give attackers ongoing persistence within a device and often the ability to evade higher-level security measures running in the operating system and software layers."

Who is at Risk?

Devices using Phoenix SecureCore firmware running on select Intel processor families are at risk. These families include:

• AlderLake

• CoffeeLake

• CometLake

• IceLake

• JasperLake

• KabyLake

• MeteorLake

• RaptorLake

• RocketLake

• TigerLake

UEFI firmware, the successor to BIOS, is the first code run with the highest privileges during startup. It initializes hardware components and loads the operating system via the boot manager. Due to its critical role, UEFI is a lucrative target for threat actors aiming to deploy bootkits and firmware implants that can subvert security mechanisms and maintain persistence undetected.

The Implications of the Vulnerability

The compromise of UEFI firmware can give attackers full control and persistence on a device. This means they can potentially:

• Evade detection by higher-level security measures.

• Maintain long-term access to compromised systems.

• Deploy additional malicious payloads with high privileges.

Vulnerabilities in UEFI firmware pose severe supply chain risks as they can impact multiple products and vendors simultaneously. This widespread impact necessitates prompt action from both manufacturers and users to mitigate potential threats.

How to Protect Yourself

Update Firmware

The primary step in protecting against CVE-2024-0762 is to ensure your firmware is updated. Phoenix Technologies and PC maker Lenovo have released updates addressing this flaw. Users should check their device manufacturer's website for the latest firmware updates and apply them promptly.

Monitor Security Advisories

Stay informed about security advisories from your device manufacturer and relevant cybersecurity authorities. Regularly check for updates and patches that address newly discovered vulnerabilities.

Implement Security Best Practices

• Enable Secure Boot: Ensure Secure Boot is enabled in your UEFI settings to prevent unauthorized code from running during the boot process.

• Use Strong Authentication: Implement strong authentication mechanisms to limit access to UEFI settings.

• Regular Security Audits: Conduct regular security audits to ensure your systems are up-to-date and configured securely.

Educate and Train Staff

For organizations, educating and training staff about cybersecurity best practices can significantly reduce the risk of vulnerabilities being exploited. Ensure your IT team is aware of the latest threats and mitigation strategies.

Conclusion

The disclosure of the UEFIcanhazbufferoverflow vulnerability underscores the importance of securing UEFI firmware. While security researchers play a crucial role in identifying and reporting such flaws, it is imperative for both manufacturers and users to act swiftly in applying patches and updates.

Understanding the differences between security research and criminal hacking is essential. Ethical hackers report vulnerabilities to help improve security, while criminal hackers exploit these flaws for malicious purposes. Staying informed, updating systems regularly, and following best practices are key steps in protecting against such threats.

By taking these measures, users and organizations can significantly reduce the risk of exploitation and ensure their systems remain secure against evolving cyber threats.