Security Malfunctions Of High Risk Identified In Top Servers
News February 16th 2022Binarly discovered not one, but more than 20 vulnerabilities in popular servers. Those were affecting unified extensible firmware interfaces (UEFI) software that allow hackers to easily bypass hardware security mechanisms.
Binarly, a well-known security firm has found more than 20,000 vulnerabilities that were hiding in BIOS, UEFI software belonging to a wide range of system vendors, like Intel, Microsoft, Lenovo, Dell, Bull Atos, Fujitsu, HPE, HP, and also Siemens.
Binarly found that all the vulnerabilities were associated with the use of InsydeH20, a framework code that is used to build motherboard unified extensible firmware interfaces (UEFI). This is an interface between a computer’s operating system and firmware.
Why Vulnerabilities were of high risk?
All these vulnerabilities are actually so dangerous, because, the UEFI/BIOS-based attacks can bypass firmware-based security mechanisms. These malfunctions include SMM all-out or privilege escalation, SMM memory corruption, and DXE memory corruption.
The damage done by these vulnerabilities is very severe. They can cause by attackers to bypass hardware-based security features like secure boot, virtualization-based security, and also trusted platform modules (TPM).
Initially, 23 malfunctions were disclosed by Binalry, but later found out five more, that were related to HP hardware. Binarly announced, these vulnerabilities were capable of affecting both desktop and server hardware, and thus have been reported about them to vendors and to Insyde. Fixes are still going on.
Binalry has been working closely with CERT/CC and Insyde teams for the last few months to confirm fixes of all vulnerabilities, provide additional technical details, evaluate the associated risks, and worked through the responsible disclosure process.
Binalry has now also partnered with Linux Vendor Firmware Service (LVFS) to find out other vendors and scale their services to identify more affected hardware models that are using firmware vulnerabilities detection tools, known as FwHunt.
If you enjoyed reading this news, you are surely going to cherish these too –
- Hacker Chose $2M bug bounty over unlimited ‘Ether’
- Happy 20th to .NET
- Red Bull F1 Sealed Sponsor Deal With Tech Giant Oracle In $500M Deal.
manvinder Singh
https://www.hostingseekers.com
Manvinder Singh is the Founder and CEO of HostingSeekers, an award-winning go-to-directory for all things hosting. Our team conducts extensive research to filter the top solution providers, enabling visitors to effortlessly pick the one that perfectly suits their needs. We are one of the fastest growing web directories, with 500+ global companies currently listed on our platform.
Trending Posts
-
6 Best WHMCS Alternatives For 2024 [Tested and Reviewed]
Table of Contents Introduction What is WHMCS? What is the Cost o...
-
SSD vs SAS vs SATA: Which Is Better For A Dedicated Server?
Summary: SSD vs SAS vs SATA drives in detail to determine which of these t...
-
Dell vs HP vs Lenovo- Which Is The Best Gaming Beast?
In our today’s blog, we will discuss Dell vs HP vs Lenovo to help you choos...
