A defect discovered in the unified extensible firmware interface (UEFI) ορισμένων συστημάτων, επιτρέπει σε έναν εισβολέα να παρακάμψει το Secure Boot, το πρότυπο ασφάλειας που χρησιμοποιείται στις τελευταίες εκδόσεις των Windows για τον έλεγχο της νομιμότητας της φόρτωσης λογισμικού κατά την εκmovement.
According with a CERT bulletin (Computer Emergency Response Team) of Carnegie University Mellon, ορισμένα συστήματα UEFI δεν περιορίζουν την access in the startup script used by the EFI S3 Resume Boot Path, which may allow a local attacker to bypass firmware-enforced write protections.
In addition to bypassing Secure Boot, another risk is that platform software can be replaced with a different one that allows unsigned software to run during the boot process.
The implications of this flaw are very serious because the Startup Script is deployed before any security mechanism is started, which means that an attacker can gain persistent access to system regardless of the owner's efforts and means of protection.
"The startup script starts quite early, when other important platform security mechanisms have not yet been configured. For example, BIOS_CNTL, which helps protect the firmware, is not locked. "TSEGMB, which protects SMRAM from DMA, is also unlocked," said Rafal Wojtczuk of Bromium and Corey Kallenberg of MITRE. Rafal Wojtczuk and Corey Kallenberg are the researchers who discovered the vulnerability at UEFI.
