The FirmGuard Blog
CVE-2024-3094 | CISA Alert | Ubuntu Alert
On March 28th, 2024, it was discovered that a sophisticated social engineering attack introduced a backdoor in the XZ Utils library, which provides data compression and decompression services and is included in many Linux distributions.
FirmGuard is uniquely positioned in the marketplace to help IT administrators monitor their endpoints for firmware vulnerabilities and thus keep up with the NIST CSF Detect function (DE.CM): Assets are monitored to find anomalies, indicators of compromise, and other potentially adverse events.
Healthy Technology Solutions (HTS) had been using FirmGuard successfully for many months to measure and monitor the status of their client endpoints, including UEFI BIOS firmware security. Within the span of less than a month, however, they suddenly had two high priority use cases for SecureConfig—which they had only recently begun to use. The specifics of the two use cases are highlighted below.
Organizations that ignore UEFI BIOS firmware vulnerability do so at their own peril and are setting themselves up for a potentially devasting attack. But what is UEFI? How do we protect endpoints from UEFI BIOS vulnerabilities? And what types of vulnerabilities are there?
SecureWipe is a FirmGuard feature that securely erases endpoint HDD, SSD, and other mass storage devices. It is triggered remotely from the FirmGuard Portal and forensically erases all data and partitions independent of the operating system (OS).
Reference Article
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers.
CVE-2023-5058
A new firmware vulnerability called “LogoFAIL” has been disclosed. The flaw exists in the processing of user-supplied splash screen during system boot, which can be exploited by an attacker.
HP discovered a potential vulnerability in the BIOS of certain HP PC products that use AMI UEFI Firmware.
A vulnerability has been discovered in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices, which may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.
Microsoft Incident Report | CVE-2022-21894
In April 2023, cybersecurity researchers at Microsoft identified a dangerous UEFI bootkit (CVE-2022-21894), dubbed “BlackLotus”. It operates at computer startup, compromising systems and disabling OS security mechanisms.
Phoenix Technologies
Corporate Headquarters:
2105 S. Bascom Avenue
Suite 316
Campbell, CA 95008-3295
Toll Free: 1-888-249-4880
Tel: +1-408-570-1000 (option 3)
Who We Serve
Solutions
Resources
Company
Copyright © 2023-2025. Phoenix Technologies.
