Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

UEFI firmware from top manufacturers has some serious issues

Malware Magnifying Glass.

The Unified Extensible Firmware Interface (UEFI), a set of routines that boot an operating system, carries almost a dozen vulnerabilities which, when chained together, can be used to deploy malware at firmware level. 

This is according to a new report from Quarkslab, who detailed the flaws, and a proof-of-concept solution. 

The flaws were found in functions related to IPv6 and can be exploited in the Preboot Execution Environment (PXE), when configured to use IPv6. As the environment is often dubbed Pixieboot, the researchers named the vulnerability PixieFail. Pixieboot, as ArsTechnica explains, is a mechanism usually used by enterprises to boot up large numbers of devices, such as servers. In such scenarios, the OS is not located on the endpoint itself, but rather on a central server. The devices that are booting up use the Dynamic Host Configuration Protocol to look for the server and then request the OS image. 

Patches in the works

In theory, if a person has even the slightest access to the target network (such as a low-level employee, a customer with a cloud account, or a hacker with pre-installed malware or access to customer accounts), they can use it to get the endpoints to download a malicious firmware image instead of the clean one.

The vulnerabilities are tracked as CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234,  CVE-2023-45235, CVE-2023-45235, CVE-2023-45236, and CVE-2023-45237.

Arm, AMI, Insyde, Phoenix Technologies, and Microsoft, were all said to be vulnerable to PixieFail. The makers are currently pushing updates to their customers, ArsTechnica added, saying that some have already released their patches. AMI, for example, has released a patch, while Microsoft is currently “taking appropriate action”. 

Other manufacturers, including Arm, Insyde, and Phoenix, are yet to make a statement. 

While this vulnerability seems to be affecting corporate users most, some researchers are saying that even private users and regular consumers should patch up the flaw as soon as the fixes become available.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.