A defect discovered in the unified extensible firmware interface (UEFI) of certain systems, allows an attacker to bypass Secure Boot, the security standard used in the latest versions of Windows to check the legitimacy of bootloading when booting.
According with a CERT bulletin (Computer Emergency Response Team) from Carnegie Mellon University, some UEFI systems do not restrict access to the boot script used by the EFI S3 Resume Boot Path, which can give a local attacker the ability to pass the write protection imposed by the firmware.
In addition to bypassing Secure Boot, another risk is that platform software can be replaced with a different one that allows unsigned software to run during the boot process.
The implications of this flaw are very serious because Starter Script is developed before any security mechanism starts, which means that the attacker can gain persistent access to the system regardless of the owner's efforts and means of protection.
"The startup script starts quite early, when other important platform security mechanisms have not yet been configured. For example, BIOS_CNTL, which helps protect the firmware, is not locked. "TSEGMB, which protects SMRAM from DMA, is also unlocked," said Rafal Wojtczuk of Bromium and Corey Kallenberg of MITRE. Rafal Wojtczuk and Corey Kallenberg are the researchers who discovered the vulnerability at UEFI.