A defect discovered in the unified extensible firmware interface (UEFI) of certain systems, allows an intruder to bypass the Secure Boot, το πρότυπο ασφάλειας που χρησιμοποιείται στις τελευταίες εκδόσεις των Windows για τον έλεγχο της νομιμότητας της φόρτωσης λογισμικού κατά την εκκίνηση.
According with a CERT bulletin (Desktop Emergency Response Team) of Carnegie Mellon University, some UEFI systems do not restrict access to the boot script used by the EFI S3 Resume Boot Path, which may allow a local attacker to bypass firmware-enforced write protections .
In addition to bypassing Secure Boot, another risk is that platform software can be replaced with a different one that allows unsigned software to run during the boot process.
The effects of this flaw are very serious because the Startup Script is deployed before any security mechanism is started, which means that an attacker can persistently gain access to the system regardless of efforts and means protectionof the owner.
"The startup script starts quite early, when other important platform security mechanisms have not yet been configured. For example, BIOS_CNTL, which helps protect the firmware, is not locked. "TSEGMB, which protects SMRAM from DMA, is also unlocked," said Rafal Wojtczuk of Bromium and Corey Kallenberg of MITRE. Rafal Wojtczuk and Corey Kallenberg are the researchers who discovered the vulnerability at UEFI.
