Considering that 10 families of globally-used Intel processors are affected, IT teams need to take immediate mitigative action
A firmware vulnerability with a CVSS score of 7.5 has been disclosed by cybersecurity researchers, and distribution of a patch (contingent on individual manufacturers’ own priorities) has been under way since May 2024.
The vulnerability (CVE-2024-0762) lies in the Unified Extensible Firmware Interface (UEFI) firmware from Phoenix Technologies that is used on mainboards running Intel central processing units and their associated components, and it affects multiple families* of Intel Core desktop and mobile processors.
The vulnerability (also called UEFIcanhazbufferoverflow) was detected by the supply chain security firm Eclypsium. According to its spokespeople, unsafe handling of a variable by the UEFI firmware during configuration of a device’s Trusted Platform Module (TPM) can cause a buffer overflow that results in the execution of malicious code without detection. This in turn could allow an attacker to gain escalated privileges in the UEFI firmware and obtain high-level permissions to install rootkits, modify runtime code in memory, and even subvert hardware functionality.
This also means that even reinstalling a clean copy of the operating system would not remove the resulting backdoor into the entire computer. Systems without a TPM can be assumed to be unaffected, but machines that have a TPM and have it deactivated in firmware still cannot be ruled out as immune to the vulnerability.
Considering that the Phoenix UEFI firmware is found in a broad range of computing equipment containing multiple generations of Intel Core CPUs around the world, wherever the vulnerability remains unpatched in a supply chain, cybercriminals could exploit it to hijack millions of computers at any point in the future.
The firm responsible for addressing the vulnerability, Phoenix Technologies, has been working with manufacturers to release firmware updates since May 2024. Historically, however, organizations worldwide have lagged in patching security vulnerabilities promptly.
All organizations are advised to take immediate action to take stock of all affected computing devices, patch them with certified updates from the manufacturers, and ensure the hardware and software are scanned for UEFIcanhazbufferoverflow and other possible pre-existing vulnerabilities.
*AlderLake, CoffeeLake, CometLake, IceLake, JasperLake, KabyLake, MeteorLake, RaptorLake, RocketLake, and TigerLake processor families