Phoenix UEFI flaw puts long list of Intel chips in hot seat

A new vulnerability in UEFI firmware is threatening the security of a wide range of Intel chip families in a similar fashion to BlackLotus and others like it. Security shop Eclypsium just published its account of CVE-2024-0762 (CVSSv3: 7.5) after disclosing it to Phoenix Technologies, whose UEFI firmware is affected. Phoenix …

  1. Snake Silver badge

    The irony

    "The vulnerability is located in the Trusted Platform Module (TPM) configuration"

    Oh, you couldn't get more ironic if you wrote this into a spy novel :p

    It looks like Lenovo isn't issuing updates for all Kaby Lake products; the chart shows only some devices are being supported with a Windows 10 update. Most devices seem to be Windows 11 and since Kaby Lake isn't "officially" supported they aren't bothering.

    1. ecofeco Silver badge
      FAIL

      Re: The irony

      Or dear god, I didn't even read the article. This is even worse.

      This would be comical if wasn't so goddamn effing stupid.

      Like I say, we don't call them tech douche bros for nothing!

  2. Andy Non Silver badge

    So instead of providing more security, the TPM module just increases the attack surface. Colour me surprised. Not.

    1. Snake Silver badge

      TPM

      Hey, the concept and theory was at least sound, as asking a CPU to optimally handle things like "random numbers" and crypto keys securely is a stretch without dedicated hardware (speculative execution vulnerabilities to start). Surprised that a human-created object has a flaw? I guess we really shouldn't be surprised, at that. It's [modern] life.

      1. cyberdemon Silver badge
        Black Helicopters

        Re: TPM

        No, the concept and theory was to allow various three-letter agencies a backdoor to access any Intel-based machine, and to prevent any third-party "open source" OS from having full hardware access or even being able to boot at all without the say-so of Microsoft.

        So I'm not at all surprised that it has vulnerabilities, as that was basically the whole point of Intel Management Engine that is baked into all their UEFI firmware.

        1. Anonymous Coward
          Anonymous Coward

          Re: TPM

          > that was basically the whole point of Intel Management Engine that is baked into all their UEFI firmware.

          The IME is not "baked into all their UEFI firmware", it is a part of Intel chipsets. It is actually a separate 32-bit x86 CPU with its own operating system.

          1. that one in the corner Silver badge

            Re: TPM

            > It is actually a separate 32-bit x86 CPU with its own operating system.

            The OS is Minix, making this one of the most widely deployed operating systems on the planet.

            There was coverage of this back in 2017, when details about the insides of IME were dug out.

            (Although read that article with care - it keeps on trying to demonise Minix, when all of the criticisms it makes are just because the source to IME isn't open, leading to a lot of "could" rather than "has been shown to do"; the same article could have been written if the IME was found to be running any other non-GPL embeddable OS.)

  3. heyrick Silver badge

    UEFI - pwning your system in the name of security.

    1. mevets

      UEFI

      U EFfin Idiot ?

      1. Anonymous Coward
        Anonymous Coward

        Re: UEFI

        In steps:

        UEFI

        U EF I

        You Eff I

        You F*ed Me again, time to update the firmware...

    2. Anonymous Coward
      Anonymous Coward

      baked in

      a baked in MiTM

  4. Throatwarbler Mangrove Silver badge
    Facepalm

    Lawl

    Suddenly, my ancient 6th generation i7 with no TPM is looking pretty sweet!

  5. ecofeco Silver badge
    Facepalm

    FFS

    Wasn't UEFI supposed to provide better security?

    1. Paul Crawford Silver badge

      Re: FFS

      No it was all about having mouse & flash graphics support for over-clockers (none of this tedious text-based BIOS malarkey)! Er, maybe faster boot? Er...

    2. david 12 Silver badge

      Re: FFS

      UEFI is supposed to provide a disk-load BIOS, rather than a ROM BIOS, and that's for portability, not security.

      In fact, using a disk-load BIOS instead of a ROM BIOS is so obviously less secure, you don't really trust it unless you have a Trusted Platform.

      And if your Trusted Platform is broken, you don't know what you may be loading.

  6. Will Godfrey Silver badge
    Facepalm

    Where exactly is this in the BIOS?

    All my machines have the ability to switch UEFI off (which I've done), so is this bork before or after that point? It's not clear from the article.

    Actually, one of them is old enough to be more secure. DOH!

    1. TReko Silver badge

      Re: Where exactly is this in the BIOS?

      I used to as well.

      However, many BIOS PCI features (like resizable BAR) now need UEFI enabled in order to work. Windows (at least) seems to assume you're running a 32-bit OS if UEFI is not enabled.

  7. Anonymous Coward
    Anonymous Coward

    Here At Linux Mansions......

    Quote: "...Phoenix Technologies, whose UEFI firmware is affected...."

    ....we always use AMD processors.

    Does this Phoenix c*ck up affect AMD machines?

    I think we should be told!

  8. train_wreck

    Can it be taken as read that disabling TPM would mitigate this?

  9. Anonymous Coward
    Anonymous Coward

    Talking about Mosaic Regressor et al.

    > Backdoors of yesteryear such as ... Black Lotus ... Mosaic Regressor are previous examples of UEFI flaws that made security pros sweat.

    And the linked article for Mosaic Regressor says:

    >> Russian antivirus maker Kaspersky has said it uncovered "rogue UEFI firmware images" seemingly developed by black hats with links to China ... according to a post on Kaspersky's Securelist blog, which named the attack MosaicRegressor.

    In a similar vein:

    >>> Kaspersky's lead security researcher Sergey Lozhkin first saw BlackLotus

    Good thing we have Kaspersky as a successful business with the resources to find and report on this sort of thing.

    We'd be in a sorry state if they lost too many customers and weren't able to find this sort of work.

  10. Conundrum1885

    Hate to say it

    But this is why I dislike TPM and BitLocker

    When a closed source chip can hose the entire system if it goes bad, then so can malware.
