A flaw discovered in the unified extensible firmware interface (UEFI) of certain systems allows an attacker to bypass Secure Boot, the security standard used in the latest versions of Windows to verify the legitimacy of the bootloader at boot time.
According to a bulletin from the CERT (Computer Emergency Response Team) at Carnegie Mellon University, some UEFI systems do not restrict access to the boot script used by the EFI S3 Resume Boot Path, which may allow a local attacker to bypass firmware-enforced write protections.
In addition to bypassing Secure Boot, another risk is that the system's platform software can be replaced with a different one that allows unsigned software to run during the boot process.
The effects of this flaw are very serious because the boot script is executed before any security mechanism is started, which means that an attacker can gain persistent access to the system regardless of the owner's protective efforts and measures.
“The Startup Script starts quite early, when other important security mechanisms of the platform have not yet been configured. For example, BIOS_CNTL, which helps protect the firmware, is not locked. TSEGMB, which protects SMRAM from DMA, is also unlocked,” Bromium's Rafal Wojtczuk and MITRE's Corey Kallenberg report. Rafal Wojtczuk and Corey Kallenberg are the researchers who discovered the vulnerability in UEFI.