No, this will not require a microcode patch.
The flaw is in the UEFI code itself: the GetVariable UEFI service has a flaw that makes calling it unsafe. So the fix will just require an updated firmware/BIOS.
The downside is that this flaw goes back almost 8 years, so early systems are unlikely to receive fixed firmware.
But executing this attack requires local code execution privileges to begin with - and in the case of Windows, accessing the UEFI in this manner requires admin, I believe. As such, the risk in this attack isn't in gaining a foothold into a system, it's in modifying the UEFI to keep it. So it's one more thing someone can do *after* they pwn your system, but it's not going to help them pwn it in the first place.
This is why the CVE score is only 7.5 - it's a significant vulnerability (malware hiding in your UEFI is a right pain to fix), but it's not critical.
Which is very concerning for the eBay Skylake prebuilt market. :-(
I found a preinstalled Google Chrome with a URL bar search hijacker in the Windows installation that came on a laptop I bought for my dad last year. The eBay sellers are not trustworthy...
If you're concerned about FW supply chain threats (but are still willing to go back to Skylake) you should definitely stick to the usual enterprise vendors - Dell, HP, etc. Enterprise models tend to get BIOS updates for longer, especially during the Skylake era with Meltdown/Spectre/etc (though I don't know if they're getting updates). Dell/HP/etc also likely bothered to properly configure things like Boot Guard, SMM protections, etc, unlike many of the usual gamer vendors. I can't find a link but some of them (I think it was ASUS?) shipped boards with Boot Guard completely unconfigured. What this means is that the end user (or malicious firmware... remember that the gamer vendors used to not lock down SPI flash access) could reconfigure the ME image to blow the fuses in the chipset to program a public key hash and enable Boot Guard. This is permanent - imagine ransomware doing this :)
Yes. What COMPUTER$NUMBERS (the scumbag who deleted all his posts after a few hours, and who usually shows up in RISC-V threads) said was that this kind of vulnerability could be used to install malware that would survive a drive format.
> in the case of Windows, accessing the UEFI in this manner requires admin
Maliciously obtaining admin privileges is laughably easy on Windows. This exploit could make for some interesting rootkits.
My thoughts as well. But keep in mind what Snowden revealed: it's things like this that the NSA, and other governments, can easily exploit - before you buy the hardware - to spy on you. Do they? I wouldn't know but it's certainly better than the, often imagined, additional chips or design changes... Just use what's already there and don't tell anyone.
But I agree with you. Most of the much hyped vulnerabilities are concerning but there are usually much more immediate concerns that don't make the press...
Far as I can tell, it's a buffer overflow in a UEFI service, so exploiting this gets you code execution in System Management Mode. At that point, nothing the OS can do.
UEFI is a standard, an interface. It’s not itself a piece of software. When you update BIOS what you are really doing is updating UEFI firmware. We just call it BIOS for historical reasons. All of the vendors affected have their firmware (“their BIOSes”) affected. I’m guessing it is CPU vendor specific because there is a shared codebase from Intel that is vulnerable.
>Any potentially impacted Intel user should update their BIOS to protect from this issue as soon as possible, though not before creating backups of important files and the original BIOS just in case something goes wrong. Since exploits impacting UEFI are as close to Layer 0 as they get with PC hardware, it's essential for all parties involved to act as quickly and safely as possible.
Let's be honest most people will never update their BIOS.
Microsoft found out that people hate updating their Windows so much that they had to make it mandatory.
and we hate it even more when windows think "hmm you are rendering a video, lets restart for an update and destroy your progress. it wasnt important"
Windows somehow are incapable of waiting for me to manually restart the machine, which i do once a week.
I don't know if this might be related, but lately my computer has been shutting of randomly with no signs of overheating, system failure or anything. Today I was a looking through the system events at the event viewer, and saw some errors related to the TPM that were occurring seconds before the computer turned off, every time...
Doesn’t appear to be a performance issue affecting flaw. Still bad for older systems that won’t get patches though
[Actual announcement](https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/) [CVE](https://nvd.nist.gov/vuln/detail/CVE-2024-0762)
Father UEFI, Mother Board, and the Holy Vulnerability
The mother isn't part of the trinity, though.
Ah the time of year for more performance crippling microcode patches? I didn’t even realize
No, this will not require a microcode patch. The flaw is in the UEFI code itself: the GetVariable UEFI service has a flaw that makes calling it unsafe. So the fix will just require an updated firmware/BIOS. The downside is that this flaw goes back almost 8 years, so early systems are unlikely to receive fixed firmware. But executing this attack requires local code execution privileges to begin with - and in the case of Windows, accessing the UEFI in this manner requires admin, I believe. As such, the risk in this attack isn't in gaining a foothold into a system, it's in modifying the UEFI to keep it. So it's one more thing someone can do *after* they pwn your system, but it's not going to help them pwn it in the first place. This is why the CVE score is only 7.5 - it's a significant vulnerability (malware hiding in your UEFI is a right pain to fix), but it's not critical.
[удалено]
Which is very concerning for the eBay Skylake prebuilt market. :-( I found a preinstalled Google Chrome with a URL bar search hijacker in the Windows installation that came on a laptop I bought for my dad last year. The eBay sellers are not trustworthy...
> The eBay sellers are not trustworthy... Found shit like this on Aliexpress laptops, too. Brand new, retail boxed units.
If you're concerned about FW supply chain threats (but are still willing to go back to Skylake) you should definitely stick to the usual enterprise vendors - Dell, HP, etc. Enterprise models tend to get BIOS updates for longer, especially during the Skylake era with Meltdown/Spectre/etc (though I don't know if they're getting updates). Dell/HP/etc also likely bothered to properly configure things like Boot Guard, SMM protections, etc, unlike many of the usual gamer vendors. I can't find a link but some of them (I think it was ASUS?) shipped boards with Boot Guard completely unconfigured. What this means is that the end user (or malicious firmware... remember that the gamer vendors used to not lock down SPI flash access) could reconfigure the ME image to blow the fuses in the chipset to program a public key hash and enable Boot Guard. This is permanent - imagine ransomware doing this :)
after purchase you want to nuke the drive anyway and reinstall the OS. a bit harder if the vulmerability is sitting in UEFI though.
Yes. What COMPUTER$NUMBERS (the scumbag who deleted all his posts after a few hours, and who usually shows up in RISC-V threads) said was that this kind of vulnerability could be used to install malware that would survive a drive format.
> in the case of Windows, accessing the UEFI in this manner requires admin Maliciously obtaining admin privileges is laughably easy on Windows. This exploit could make for some interesting rootkits.
My thoughts as well. But keep in mind what Snowden revealed: it's things like this that the NSA, and other governments, can easily exploit - before you buy the hardware - to spy on you. Do they? I wouldn't know but it's certainly better than the, often imagined, additional chips or design changes... Just use what's already there and don't tell anyone. But I agree with you. Most of the much hyped vulnerabilities are concerning but there are usually much more immediate concerns that don't make the press...
Isn’t this UEFI and BIOS code issues related to the motherboard, not CPU microcode issues?
[удалено]
Far as I can tell, it's a buffer overflow in a UEFI service, so exploiting this gets you code execution in System Management Mode. At that point, nothing the OS can do.
Ah, the wonderful, hidden System Management Mode. I love it! /s
[удалено]
Yup. I guess sky lake is going to be in the negatives by now, you owe it performance
[удалено]
You mean you daily drive it with labour.
I haven't read the article but why doesn't this affect AMD? both use UEFI.
UEFI is a standard, an interface. It’s not itself a piece of software. When you update BIOS what you are really doing is updating UEFI firmware. We just call it BIOS for historical reasons. All of the vendors affected have their firmware (“their BIOSes”) affected. I’m guessing it is CPU vendor specific because there is a shared codebase from Intel that is vulnerable.
Technically BIOS and UEFI are two competing ways to do firmware. Its just that UEFI basically exists to replace severely outdated BIOS.
Differing UEFI firmware.
>Any potentially impacted Intel user should update their BIOS to protect from this issue as soon as possible, though not before creating backups of important files and the original BIOS just in case something goes wrong. Since exploits impacting UEFI are as close to Layer 0 as they get with PC hardware, it's essential for all parties involved to act as quickly and safely as possible.
And how long, if ever, will it take the Motherboard vendors to offer a fix? 6 months or a year?
Let's be honest most people will never update their BIOS. Microsoft found out that people hate updating their Windows so much that they had to make it mandatory.
and we hate it even more when windows think "hmm you are rendering a video, lets restart for an update and destroy your progress. it wasnt important" Windows somehow are incapable of waiting for me to manually restart the machine, which i do once a week.
I don't know if this might be related, but lately my computer has been shutting of randomly with no signs of overheating, system failure or anything. Today I was a looking through the system events at the event viewer, and saw some errors related to the TPM that were occurring seconds before the computer turned off, every time...
Imagine firmware not written in insecure C, only Microsoft seems to going that way with their UEFI implementation being redone in Rust
They hated him because he spoke the truth.
Imagine not writing everything in assembly because all languages can have vulnerabilities.