Researchers at Eclypsium have identified a new vulnerability in the Phoenix SecureCode UEFI firmware that runs on Intel Core processors. This vulnerability, known as CVE-2024-0762, has the potential to impact millions of laptops from various manufacturers like Acer, ASUS, Dell, Fujitsu, HP, Lenovo, and MSI.
In a blog post on June 20, Eclypsium researchers highlighted the widespread impact of this vulnerability, noting that Intel Core processors are commonly used in hundreds of PC products. Nate Warfield, director of threat research and intelligence at Eclypsium, stated that approximately 200 million laptops were shipped in 2023 alone, with Lenovo, HP, Dell, ASUS, Acer, and Apple being some of the major players in the market. He estimated that tens of millions of laptops could be affected, impacting thousands of organizations across different industries.
Unlike the LogoFail vulnerabilities discovered last year, which affected boot logo images, CVE-2024-0762 targets the TCG2_CONFIGURATION module that manages Trusted Platform Modules (TPM) in the UEFI firmware. This vulnerability involves an insecure variable in the TPM configuration that could lead to a buffer overflow and potential execution of malicious code.
Eclypsium researchers clarified that the vulnerability lies in the UEFI code responsible for handling TPM configuration, regardless of the presence of security chips like TPM. They initially identified the issue in Lenovo ThinkPad X1 Carbon 7th Gen and X1 Yoga 4th Gen models, but later found that several versions of Phoenix Technologies’ SecureCore firmware, used in different Intel processor families, were also affected.
John Gallagher, vice president of Viakoo Labs, pointed out that this vulnerability specifically targets Phoenix BIOS, as opposed to other major BIOS vendors like AMI or Insyde. He highlighted that the exploit affects systems based on Intel CPUs, a major player in the PC chip market. Gallagher noted that although this exploit is less developed than LogoFail, it has the potential to access all parts of the system during the early stages of system startup without deploying any payload stages.
In conclusion, the vulnerability in the Phoenix SecureCode UEFI firmware poses a significant security threat to millions of laptops using Intel Core processors, affecting a wide range of industries. The potential for buffer overflow and malicious code execution underscores the importance of timely patching and firmware updates to mitigate these risks. Organizations using devices with Intel Core processors should be vigilant and take necessary precautions to protect their systems from potential exploitation.
Article Source
https://www.scmagazine.com/news/phoenix-securecode-uefi-firmware-bug-could-affect-millions-of-intel-based-laptops