A critical bug has been discovered in the Unified Extensible Firmware Interface (UEFI) that could potentially impact hundreds of Intel-powered PC models. This bug, known as “UEFIcanhazbufferoverflow,” affects the Phoenix SecureCore UEFI Trusted Platform Module (TPM) and allows attackers to gain elevated privileges and execute arbitrary code within the UEFI firmware. This vulnerability could potentially lead to the installation of bootkits and malware at the firmware level, providing persistence on a machine even if the operating system is reinstalled. The bug was initially detected on Lenovo ThinkPad X1 Carbon 7th Generation and X1 Yoga 4th Generation devices, and later confirmed to be present in SecureCore firmware for all Intel architectures from Kaby Lake onwards.
The discovery of this flaw raises concerns for PC manufacturers such as Lenovo, Dell, Acer, and HP, who will need time to release updates for the affected systems. Lenovo has already started rolling out updates for some models, with plans to update all affected systems by the end of 2024. However, other manufacturers have not yet announced their update plans for addressing this vulnerability.
One of the challenges in addressing this issue is getting users to install the firmware updates. Due to the potential risks associated with a faulty UEFI update, users are required to opt-in to the installation of these patches. This could pose a problem for less technical users who may not be aware of how to install these updates. It is crucial for Intel-powered PC users to stay vigilant and monitor for firmware updates to mitigate the risks associated with this vulnerability.
In conclusion, the “UEFIcanhazbufferoverflow” bug represents a significant security threat to Intel-powered PCs, potentially allowing attackers to execute malicious code at the firmware level. PC manufacturers are working to release updates to address this vulnerability, but getting users to install these updates may prove to be a challenge. It is essential for users to stay informed about firmware updates and take necessary precautions to protect their systems from potential cyber attacks.
Article Source
https://hothardware.com/news/bios-security-vulnerability-affects-intel-cpus-hundreds-of-devices
