Not at all surprised, motherboard firmware from most vendors has always been a steaming pile of shit code, often not even built to spec.
The nine vulnerabilities that comprise PixieFail reside in TianoCore EDK II, an open source implementation of the UEFI specification. The implementation is incorporated into offerings from Arm Ltd., Insyde, AMI, Phoenix Technologies, and Microsoft. The flaws reside in functions related to IPv6, the successor to the IPv4 Internet Protocol network address system. They can be exploited in what’s known as the PXE, or Preboot Execution Environment, when it’s configured to use IPv6.
Not all hardware manufacturers are effected and it’s based on a specific open source implementation of UEFI.
Aren’t AMI, Insyde and Phoenix providers for 98% of PC (be it board or OEM) vendors though?
And AFAIR, TianoCore is basically used everywhere by everyone as a base except maybe Apple.
You may be right, I didn’t think those three were that much of the market, but maybe I’m wrong.
I thought Tiano was a reference UEFI developed by Intel? So I’m not entirely sure its used by AMD, but maybe it is?
EDK and EDK II are open source projects that spun off of that reference developed by Intel.
I suppose the main thing I was trying to get across is that OP seemed to be blaming motherboard manufacturers for bad code… but this is the base open source code that is causing the issues, prior to implementation by motherboard manufacturers. Hence why it impacts so many.
I am pretty sure TianoCore is also used by AMD systems as a reference as well.
Here’s a similar situation that happened in 2019 at Lenovo’s site
https://support.lenovo.com/cl/es/solutions/LEN-22660
AMD systems are listed as well.
As for most board vendors nowadays, I think they barely do anything with the code itself and just create the setup utility and boot logos. It is highly likely that they’re affected too.
effected
Who could have predicted bootloader drm wouldn’t go well?
This is the best summary I could come up with:
The vulnerabilities, which collectively have been dubbed PixieFail by the researchers who discovered them, pose a threat mostly to public and private data centers and possibly other enterprise settings.
People with even minimal access to such a network—say a paying customer, a low-level employee, or an attacker who has already gained limited entry—can exploit the vulnerabilities to infect connected devices with a malicious UEFI.
By installing malicious firmware that runs prior to the loading of a main OS, UEFI infections can’t be detected or removed using standard endpoint protections.
The malicious image in this scenario will establish a permanent beachhead on the device that’s installed prior to the loading of the OS and any security software that would normally flag infections.
This kind of access may be possible when someone has a legitimate account with a cloud service or after first exploiting a separate vulnerability that gives limited system rights.
When the client-{based server] boots, the attacker just needs to send the client a malicious packet in the [request] response that will trigger some of these vulns.
The original article contains 703 words, the summary contains 177 words. Saved 75%. I’m a bot and I’m open source!
