Top
item
Advertisement
image credit: Freepik

New Firmware Vulnerabilities Affecting Millions of Devices Allow Persistent Access

September 23, 2022

Via: Security Week
Category:

The firm’s researchers have identified seven new security holes in InsydeH2O UEFI firmware provided by Insyde Software. The impacted code is used by dozens of other companies, including major vendors such as HP, Dell, Intel, Microsoft, Fujitsu, Framework, and Siemens.

Exploitation of the new vulnerabilities requires local privileged OS access, but many of them have still been assigned a ‘high severity’ rating. The flaws are related to System Management Mode (SMM) and they can lead to information disclosure or arbitrary code execution.

Read More on Security Week

RELATED PUBLICATIONS

Critical Vulnerabilities Found in Passwordstate Enterprise Password Manager
Mitigation for ProxyNotShell Exchange Vulnerabilities Easily Bypassed
Passengers Exposed to Hacking via Vulnerabilities in Airplane Wi-Fi Devices

Latest Publications

Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes
OpenAI’s GPT-4 can exploit real vulnerabilities by reading security advisories
Dangerous ICS Malware Targets Orgs in Russia and Ukraine
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!