High Severity Vulnerability in HP PC BIOS
June 20, 2023
HP discovered a potential vulnerability in the BIOS of certain HP PC products that use AMI UEFI Firmware.
HP discovered a potential vulnerability in the BIOS of certain HP PC products that use AMI UEFI Firmware.
A vulnerability has been discovered in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices, which may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.
Microsoft Incident Report | CVE-2022-21894
In April 2023, cybersecurity researchers at Microsoft identified a dangerous UEFI bootkit (CVE-2022-21894), dubbed “BlackLotus”. It operates at computer startup, compromising systems and disabling OS security mechanisms.
A stack overflow vulnerability has been found in the BIOS firmware of Aspire E5-475G laptops, which can allow local attackers to execute arbitrary code and gain escalated privileges during the boot process.
Reference Article
CosmicStrand appears to be the work of an unknown Chinese-speaking threat actor.
The highly targeted attack reveals a new level of sophistication in attacks against UEFI firmware.
Phoenix Technologies
Corporate Headquarters:
2105 S. Bascom Avenue
Suite 316
Campbell, CA 95008-3295
Toll Free: 1-800-677-7305
Tel: +1-408-570-1000
Who We Serve
Solutions
Resources
Company
Copyright © 2024. FirmGuard
