When booting over the network allows attackers to take over billions of systems.
Yet another series of critical vulnerabilities in UEFI

Nine vulnerabilities were found by Quarkslab's security team in the networking stack of EDK II, an open source implementation of the UEFI specification, used by nearly all vendors of server and desktop systems.

Who can be affected?

UEFI is commonly employed in modern computer systems, including desktops, laptops, servers, and some embedded systems. The impact of vulnerabilities in the EDK II stack extends to anyone using, developing, or managing systems that rely on UEFI firmware built with this development kit. 

 

  • End Users: Individuals using computers, laptops, or other devices with UEFI firmware based on EDK II might be at risk if network boot is enabled (typically configured through the BIOS "boot order" setting).
  • Enterprises: Organizations using servers, workstations, or other computing infrastructure with UEFI firmware based on EDK II may face security risks if vulnerabilities compromise the integrity of the firmware.
  • Manufacturers: Companies developing and manufacturing hardware that relies on EDK II for firmware may need to address vulnerabilities to ensure the security of their products.
  • Developers: Firmware developers working on projects that utilize the EDK II stack may need to update their code to address discovered vulnerabilities, ensuring the security of the firmware they create.
  • IT Administrators: Professionals managing IT infrastructure, particularly those responsible for maintaining and securing systems with UEFI firmware based on EDK II, may need to take action to mitigate risks posed by vulnerabilities.

What are the known impacts of these vulnerabilities? 
 
These vulnerabilities lead to a total compromise of vulnerable systems, with impacts ranging from Denial of Service to Remote Code Execution, breaking the root of trust.

What can you do next to ensure your supply chain is secure? 

These vulnerabilities were identified and documented following a lengthy coordinated vulnerability disclosure process with CERT-FR (the national CERT of France, an organization at ANSSI) and CERT/CC (a US CERT organization) to report them to all affected vendors and get them fixed.

The CERT/CC has produced a Vulnerability Note listing the affected vendors and their guidance to fix or mitigate the issues.

https://www.kb.cert.org/vuls/id/132380

How can Quarkslab help you mitigate these vulnerabilities?
  1. We check whether your implementation is vulnerable or not in order to determine its security status.
  2. Additionally, we test your UEFI, secure boot, and critical code for high-value vulnerabilities that compromise the overall security of your devices.
Fill out the form to discuss the safety of your sensitive equipment.
 

For the full technical details of the PixieFail vulnerabilities, read the blog post published by the Quarkslab security team.

 
 
 
 