Cybersecurity News in Asia

Features
- Featured
  
  How AI can turbocharge SIEM
  
  Tuesday, June 25, 2024, 10:16 AM Asia/Singapore | Features
- Featured
  
  Blockchain in cybersecurity applications? The jury is still out
  
  Wednesday, June 19, 2024, 11:39 AM Asia/Singapore | Features, Newsletter
- Featured
  
  Unplanned downtime costs more than you think
  
  Thursday, June 13, 2024, 3:23 PM Asia/Singapore | Features, News
News
- Featured
  
  Indonesian government refuses to pay US$8m ransom to Lockbit 3.0 threat group
  
  Wednesday, June 26, 2024, 11:14 AM Asia/Singapore | News, Newsletter
- Featured
  
  Stronger anti-scam/fraud measures take effect in Singapore
  
  Tuesday, June 25, 2024, 2:26 PM Asia/Singapore | News, Newsletter
- Featured
  
  CVSS 7.5 firmware vulnerability affecting millions of computers requires urgent patching
  
  Friday, June 21, 2024, 6:38 PM Asia/Singapore | News, Newsletter
Opinions
Tips
Whitepapers
Awards 2024
Directory
E-Learning

News

CVSS 7.5 firmware vulnerability affecting millions of computers requires urgent patching

By CybersecAsia editors | Friday, June 21, 2024, 6:38 PM Asia/Singapore

Considering that 10 families of globally-used Intel processors are affected, IT teams need to take immediate mitigative action

A firmware vulnerability with a CVSS score of 7.5 has been disclosed by cybersecurity researchers, and distribution of an patch (contingent on individual manufacturers’ own priorities) has started since May 2024.

Revolving around the Unified Extensible Firmware Interface (UEFI) by Phoenix Technologies that is used on mainboards to run Intel central processing units and associated components, the vulnerability (CVE-2024-0762) affects multiple families* of Intel Core desktop and mobile processors.

The vulnerability (also called UEFIcanhazbufferoverflow) was detected by a supply chain security firm Eclypsium. According to its spokespeople, if variables are handled in an unsafe way by the UEFI and configuration of a device’s Trusted Platform Module (TPM), the resultant buffer overflow could result in in the execution of malicious code without detection. This in turn could allow an attacker to gain escalated privileges in the UEFI firmware and achieve high level permissions to install rootkits, modify runtime code in memory, and even subvert hardware functionalities.

This also means that, even the reinstallation of a clean copy of the operating system would not rid it of the backdoor to the entire computer. It can also be assumed that systems without TPM are not affected, but those with TPM in their machines and have it deactivated in firmware can still not be ruled as immune to the vulnerability.

Considering that the Phoenix UEFI firmware is found in a broad range of computing equipment containing multiple generations of Intel Core CPUs around the world, if the vulnerability remains unpatched in any supply chain, cybercriminals can still exploit it to hijack millions of computers anytime in the future.

The firm responsible for addressing the vulnerability, Phoenix Technologies, has already worked with manufacturers to release firmware updates since May 2024. However, historically, organizations worldwide have always lagged in patching up security vulnerabilities promptly.

All organizations are advised to take immediate action to take stock of all affected computing devices, patch them with certified updates from the manufacturers, and ensure the hardware and software are scanned for UEFIcanhazbufferoverflow and other possible pre-existing vulnerabilities.

*AlderLake, CoffeeLake, CometLake, IceLake, JasperLake, KabyLake, MeteorLake, RaptorLake, RocketLake, and TigerLake processor families

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Securing Industry 4.0
The world is advancing to Industry 4.0 in full swing, and this is a key …Download Whitepaper
Secure Access Service Edge (SASE) Solutions for Today’s Work-From-Anywhere (WFA) Environment
Organizations are turning to Secure Access Service Edge (SASE) solutions for securing remote work environments, …Download Whitepaper
Identity Has Breached the Ecosystem
This whitepaper explores the dual nature of identity in cybersecurity, emphasizing its role in both …Download Whitepaper
Fortanix Buyers Guide for Modern Key Management and Data Security
This document underscores the pressing challenges in key management and data securityDownload Whitepaper

Middle-sidebar-banner

Case Studies

What data-driven organizations need today and in the future
Our data-driven business world needs purpose-built data protection solutions that combine centralized management with a …Read more
How medical devices manufacturer Tuttnauer protects patient and personal-data safety
In running a cloud-based portal to link its smart medical equipment, the firm has also …Read more
AI vulnerability testing: Knowing the In’s and Out’s of proper red teaming
To test the safety/security of a generative AI feature, what unchartered bugs and human testing …Read more
Real estate logistics provider GLP steps up to zero trust architecture
With its physical and digital footprint growing, the global firm’s outdated legacy security stack has …Read more

Cybersecurity News in Asia

Featured

How AI can turbocharge SIEM

Featured

Blockchain in cybersecurity applications? The jury is still out

Featured

Unplanned downtime costs more than you think

Featured

Indonesian government refuses to pay US$8m ransom to Lockbit 3.0 threat group

Featured

Stronger anti-scam/fraud measures take effect in Singapore

Featured