There are 16 new BIOS Firmware Vulnerabilities listed by Intel.

Intel issued a security bulletin addressing sixteen newly discovered BIOS vulnerabilities that allow attackers to bypass the operating system and its associated security measures. These flaws affect Intel's Core processors from 6th to 11th generations and Xeon processors W, E, and D models.



There are ten high-severity vulnerabilities that provide full machine access, three medium-severity vulnerabilities, and one low-severity vulnerability. These new issues are unrelated to the previously disclosed BIOS flaws affecting HP, Dell, Lenovo, and other OEMs. Nonetheless, these 16 new vulnerabilities are comparable to the earlier ones in that they also affect the BIOS. All sixteen allow attackers to compromise a computer's BIOS and thereby access sensitive information.

Affected processor families:

  • 2nd Generation Intel Xeon Scalable Processor Family
  • Intel Xeon Scalable Processor Family
  • Intel Xeon Processor W Family
  • Intel Xeon Processor E Family
  • Intel Xeon Processor D Family
  • 11th Generation Intel Core Processor Family
  • 10th Generation Intel Core Processor Family
  • 9th Generation Intel Core Processor Family
  • 8th Generation Intel Core Processor Family
  • 7th Generation Intel Core Processor Family
  • 6th Generation Intel Core Processor Family
  • Intel Core X-series Processor Family
  • Intel Atom Processor C3XXX Family
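
For inventory triage against the families listed above, the following added example (not from Intel's bulletin or this article) classifies CPU brand strings, such as the "model name" field of /proc/cpuinfo. The regular expressions, the function names and the sample inventory are assumptions based on Intel's usual naming conventions; the system maker's BIOS release notes remain the authoritative source.

```python
import re

# Assumption: patterns follow Intel's usual brand-string naming ("model name"
# in /proc/cpuinfo). Coarse triage only; the OEM's BIOS release notes decide.
CORE = re.compile(r"Core\(TM\)\s+i[3579]-(\d{3,5})(XE?\b)?")
SCALABLE = re.compile(r"Xeon\(R\)\s+(?:Platinum|Gold|Silver|Bronze)\s+\d(\d)\d\d")
XEON_WED = re.compile(r"Xeon\(R\)\s+(?:CPU\s+)?([WED])-\d{4}")
ATOM_C3 = re.compile(r"Atom\(TM\)\s+(?:CPU\s+)?C3\d{3}")

def core_generation(digits):
    """Core generation encoded in the model number, e.g. 8550 -> 8, 1165 -> 11."""
    if len(digits) == 3:
        return 1
    return int(digits[:2]) if digits[0] == "1" else int(digits[0])

def affected_family(brand):
    """Return the family from the article's list that `brand` falls into, else None."""
    m = CORE.search(brand)
    if m:
        if m.group(2):  # X / XE suffix marks the Core X-series
            return "Intel Core X-series Processor Family"
        gen = core_generation(m.group(1))
        return f"{gen}th Generation Intel Core Processor Family" if 6 <= gen <= 11 else None
    m = SCALABLE.search(brand)
    if m:  # second digit of the model number gives the Scalable generation
        return {"1": "Intel Xeon Scalable Processor Family",
                "2": "2nd Generation Intel Xeon Scalable Processor Family"}.get(m.group(1))
    m = XEON_WED.search(brand)
    if m:
        return f"Intel Xeon Processor {m.group(1)} Family"
    if ATOM_C3.search(brand):
        return "Intel Atom Processor C3XXX Family"
    return None

def triage(inventory):
    """Map hostname -> listed family for hosts that need an OEM BIOS update check."""
    hits = {host: affected_family(brand) for host, brand in inventory.items()}
    return {host: fam for host, fam in hits.items() if fam}

# Constructed sample inventory (hostnames are made up).
SAMPLE = {
    "lt-014": "Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz",
    "srv-03": "Intel(R) Xeon(R) Gold 6248 CPU @ 2.50GHz",
    "srv-09": "Intel(R) Xeon(R) CPU E5-2680 v4 @ 2.40GHz",
    "edge-1": "Intel(R) Atom(TM) CPU C3958 @ 2.00GHz",
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts returned by `triage` are the ones whose vendor BIOS version should be compared against the system maker's latest release.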

Fortunately, Intel advises that all of these issues require physical access to the machine, so they cannot be remotely exploited. These flaws are less of a concern for enterprises with secure premises than for personal computers, to which bad actors may readily gain access. The vulnerabilities stem from weaknesses in Intel's BIOS software, such as poor control flow management, buffer overflows, pointer issues, and improper validation. All of these flaws allow attackers to escalate privileges. Insufficient access control and incorrect default permissions allow attackers to perform denial-of-service attacks on the local machine.

Most of these BIOS bugs are hazardous because they bypass virtually all local security safeguards. Those safeguards are integrated into, or operate on top of, the operating system, which loads immediately after the BIOS executes its initial POST (Power-On Self-Test). This means that no conventional security solution can safeguard the system BIOS. This week, Intel announced that it will release firmware updates to remedy the flaws, but gave no timeframe. The company advises users to "update to the latest versions given by the system maker that fix these issues." Whether the updates are currently available is unknown. The following is a list of impacted platforms.
