Security researchers disclosed over a dozen serious vulnerabilities affecting UEFI firmware. Threat actors could use the bugs to deploy malware and remain undetected.

Researchers at Binarly announced they’d discovered 16 new high-severity vulnerabilities in various implementations of UEFI firmware.

The vulnerabilities affect multiple HP enterprise devices, including laptops, desktops, point-of-sale systems, and edge computing nodes.

Binarly claims to have cooperated with HP and CERT teams on the disclosure, and HP patched the vulnerabilities.

However, the discovery is particularly dangerous because several of the vulnerabilities lie in System Management Mode (SMM) and the Driver Execution Environment (DXE).

SMM and DXE run before the operating system, meaning that any vulnerability exploited in these components grants privileges beyond those of the OS and can bypass virtually all OS-level protections.

In theory, a threat actor could compromise the system completely undetected, persistently deploy malware, and even survive operating system re-installation, Secure Boot, and Virtualization-Based Security isolation.

According to Binarly’s report on the vulnerabilities, active exploitation of any of the discovered vulnerabilities cannot be detected by firmware monitoring systems.

“The remote device health attestation solutions will not detect the affected systems due to the design limitations in visibility of the firmware runtime,” claim the authors of the report.

HP released two advisories to inform their customers about the vulnerabilities and how to fix them. The company also started releasing firmware updates to mitigate the issue.

“Binarly believes that the lack of a knowledge base of common firmware exploitation techniques and primitives related to UEFI firmware makes these failures repeatable for the entire industry,” said Alex Matrosov, Founder and CEO at Binarly.
