Security on older Intel BIOS firmware is a bit of a floppy; Get Patching!

Atoms, Celerons and Pentiums, Oh God

The good news is that there are patches for most affected processors, but unfortunately some older processor families like Kaby Lake are likely to remain vulnerable as it has been a long time since motherboard manufacturers released the new Z270 BIOS. It is unlikely that after this, and the same could be true for Z390 boards. It doesn’t even go into embedded products that are also vulnerable.

Two of the three Intel BIOS firmware errors, called CVE-2021-0157 and CVE-2021-0158, could lead to an escalation of privileges on the machine if someone can gain physical access to it. Generally this means that the error is considered less serious than the one that can be run remotely, however in this case the target attack on the SMM code stored in the SMRAM on the motherboard. If the attack is successful, an attacker could modify that code to install BIOS-level hacks that are almost impossible to detect because SMRAM is inaccessible to your OS or any application including virus scanners and can be quite problematic to remove if you find evidence of to. .

A third Intel BIOS error in the firmware will take you where the tire goes, because one of the vulnerable chips of the Atom E3900 is a built-in processor found in more than 30 car models, including Tesla’s Model 3, if the rumors are true. That Atom, as well as other built-in Pentium and Celeron models are found in IoT devices and you will need to depend on the manufacturer to provide you with updates to install. The record of IoT companies that have done so in the past leaves much to be desired, and few people are familiar with how to update the firmware on their cars.

This third vulnerability could allow an attacker to extract an Intel CSME firmware key or root encryption key provided by Intel Platform Trust Technology and Enhanced Privacy ID, allowing them to install their own updates that will go through every and every attempt to find it as their updates would be as reliable as the original firmware.

Source link

Naveen Kumar

Friendly communicator. Music maven. Explorer. Pop culture trailblazer. Social media practitioner.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button