New UEFI vulnerabilities send firmware devs industry wide scrambling

Source: Ars Technica

Article note: The reference TianoCore EDK2 PXE implementation that everyone just checks out a copy of and ships is full of fail, and all you need to exploit it is to be able to sniff/inject packets on the same network while PXE (netboot) is enabled in the firmware. Lovely. Sure would be nice if there was something not as over-complicated as UEFI but still capable of passing hardware description tables (...preferably in a format not as nasty as ACPI) so we're not doing DeviceTree shit everywhere.
UEFI firmware from five of the leading suppliers contains vulnerabilities that allow attackers with a toehold in a user's network to infect connected devices with malware that runs at the firmware level.

The vulnerabilities, which collectively have been dubbed PixieFail by the researchers who discovered them, pose a threat mostly to public and private data centers and possibly other enterprise settings. People with even minimal access to such a network—say a paying customer, a low-level employee, or an attacker who has already gained limited entry—can exploit the vulnerabilities to infect connected devices with a malicious UEFI.

Short for Unified Extensible Firmware Interface, UEFI is the low-level and complex chain of firmware responsible for booting up virtually every modern computer. Because malicious firmware installed this way runs prior to the loading of a main OS, UEFI infections can’t be detected or removed using standard endpoint protections. They also give unusually broad control of the infected device.
