Researchers at Binarly, a firmware protection company that looks into software vulnerabilities, has just found major flaws in the InsydeH2O UEFI firmware that could allow remote attackers admin privileges through the interface.
InsydeH2O’s UEFI is the preferred boot software interface used by Microsoft, Intel, AMD, Lenovo, Asus, HP, and many other well known hardware vendors, as an alternative to legacy BIOS modes for booting up your machine.
Intel, one of the companies that’s confirmed it’s been affected, announced a while back that it planned to completely replace BIOS by 2020, which it did. Along with many other OEMs, the UEFI firmware was favoured due to its many advantages, including the ability to boot from larger drives, a slicker settings UI, and speedier boot times. One of the main benefits was is its ability to SecureBoot.
For that reason, UEFI has been widely considered the safer boot option.
As Bleeping Computer highlights, the vulnerability discovered could allow attackers to gain admin privileges, and exploit the target PC in a few ways. These include the ability to invalidate hardware security features such as SecureBoot and Intel BootGuard, install persistent software that’s hard to detect and erase, as well as create backdoors and communications channels to rob users of their personal data.
Altogether, 23 flaws were detected. Ten of these could allow some nasty so-and-so privilege escalation ability, twelve could have them exploiting your PC through memory corruption flaws in System Management Mode (SMM), and one is a memory corruption vulnerability inside the Driver eXecution Environment (DXE).
Your next machine
Three of the flaws are even rated a 9.8 on the severity scale, which sounds… well, not great. But don’t panic, it’s getting sorted. It might involve some BIOS flashing at a later date, however.
“The root cause of the problem was found in the reference code associated with InsydeH2O firmware framework code,” the Binarly report states. But Insyde has rolled out updates to address the issue. OEMs will have to adopt the changes to ensure their machines are booting safely from now, but it could take some time for the changes to reach the public.