The flaws, which can be exploited to gain full administrative control of a target system, were discovered by firmware protection company Binarly. The company claims more than two dozen hardware manufacturers are affected, including top-end OEMs such as Intel, AMD and Lenovo.

High-impact flaws

UEFI stands for Unified Extensible Firmware Interface, which is the foundational layer for all modern PCs. It provides a standardized way for devices to interact with each other, including communicating over a network. It also allows administrators to manage the configuration of various devices such as printers, webcams and more.

Insyde’s UEFI firmware is vulnerable to 23 flaws that would allow attackers to gain full control of the computer while maintaining remote access. These vulnerabilities are categorized as critical and high-impact flaws.

Twenty-three severe flaws

23 of these vulnerabilities have been classified as critical or high severity and would allow malicious actors to access the endpoint in a number of ways, including keylogging attacks, a system information leak or full physical access. The 23 flaws are tracked as: CVE-2020-27339, CVE-2020-5953, CVE-2021-33625, CVE-2021-33626, CVE-2021-33627, CVE-2021-41837, CVE-2021-41838, CVE-2021-41839, CVE-2021-41840, CVE-2021-41841, CVE-2021-42059, CVE-2021-42060, CVE-2021-42113, CVE-2021-42554, CVE-2021-43323, CVE-2021-43522, CVE-2021-43615, CVE-2021-45969, CVE-2021-45970, CVE-2021-45971, CVE-2022-24030, CVE-2022-24031, CVE-2022-24069. Three of these, CVE-2021-45969, CVE-2021-45970 and CVE-2021-45971, have a rating of 9.8 out of 10 and are classified as high-impact.

Patches to address the issue

Security researchers at Insyde have discovered that there is an extremely serious security flaw in some of Intel’s processors’ firmware. Security patches are a good thing, but they aren’t always released quickly enough. Insyde released firmware patches to help address the issue, but these now need to be accepted by OEMs and released onto affected products, and that might take a while. In other words, you might get a patch for your PC today, but it might not work until tomorrow. Furthermore, your PC might become inoperable after you install it if you don’t also install a patch for another piece of software that you use on a daily basis. Some OEMs are also yet to confirm they have been affected, so it will be a while. You can also update your BIOS easily if you haven’t already. Has your PC been affected by the BIOS flaws? Let us know in the comment section below.
