Intel issued a security bulletin addressing sixteen newly discovered BIOS vulnerabilities that allow attackers to bypass the operating system and its associated security measures. These flaws affect Intel's Core processors from 6th to 11th generations and Xeon processors W, E, and D models.
There are ten high-severity vulnerabilities that provide full machine access, three medium-severity vulnerabilities, and one low-severity vulnerability. These new issues are unrelated to the already disclosed BIOS faults impacting HP, Dell, Lenovo, and other OEMs. Nonetheless, these 16 new vulnerabilities are comparable to prior ones in that they affect BIOS. All sixteen allow attackers to hack a computer's BIOS and thereby access sensitive info.
Involved processor series:
Fortunately, Intel advises that all of these issues require physical access to the machine, so they cannot be remotely exploited. These flaws should not alarm enterprises with secure premises as much as personal computers where bad actors may readily gain access. The vulnerabilities stem from Intel's BIOS software weaknesses such as poor control flow management, buffer overflow, pointer issues, and improper validation. All of these flaws allow attackers to escalate privileges. Insufficient access control and incorrect default permissions allow attackers to perform denial of service attacks on the local machine.
Most of these BIOS bugs are hazardous because they simply bypass virtually all local security safeguards. They are integrated or operate on top of the operating system, which loads immediately after the BIOS executes its initial POST (Power-On Self-Test). This means that no conventional security solution can safeguard the system BIOS. This week, Intel announced that it will release firmware updates to remedy the flaws, but gave no timeframe. The company advises users to "update to the latest versions given by the system maker that fix these issues." Whether the updates are currently available is unknown. The following is a list of impacted platforms.
There are 16 new BIOS Firmware Vulnerabilities listed by Intel.