New Firmware Vulnerabilities Affecting Millions of Devices Allow Persistent Access

September 23, 2022

The firm’s researchers have identified seven new security holes in InsydeH2O UEFI firmware provided by Insyde Software. The impacted code is used by dozens of other companies, including major vendors such as HP, Dell, Intel, Microsoft, Fujitsu, Framework, and Siemens.

Exploitation of the new vulnerabilities requires local privileged OS access, but many of them have still been assigned a ‘high severity’ rating. The flaws are related to System Management Mode (SMM) and they can lead to information disclosure or arbitrary code execution.

Read More on Security Week