AMD motherboard partners start rolling out BIOS updates with LogoFAIL bugfix

[ENTERPRISE]

  Quote

Thanks to AMD's AGESA updates, its motherboard partners have started rolling out BIOS updates containing a fix to protect the BIOS from LogoFAIL, a security flaw that allows the UEFI boot screen to be hijacked. LogoFAIL was discovered in Dec. 2023. 

Expand  

Source

[UltraMega]

LogoFAIL is a set of security vulnerabilities affecting different image parsing libraries used in the system firmware by various vendors during the device boot process. It impacts devices by placing malicious code inside an image file that is parsed during boot, leading to persistence¹. Here are some key points about LogoFAIL:

1. What Is LogoFAIL?

   • LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have existed for years, if not decades, in Unified Extensible Firmware Interfaces (UEFIs) responsible for booting modern devices running Windows or Linux.
   • These vulnerabilities allow malicious firmware execution early in the boot-up sequence, making infections nearly impossible to detect or remove using current defense mechanisms².
   • The attack is dubbed LogoFAIL by the researchers who devised it.

2. How It Works:

   • LogoFAIL involves hardware seller logos displayed on the device screen during the boot process while the UEFI is still running.
   • Image parsers in UEFIs from major vendors are riddled with roughly a dozen critical vulnerabilities that have gone unnoticed until now.
   • By replacing legitimate logo images with identical-looking ones specially crafted to exploit these bugs, LogoFAIL enables the execution of malicious code at the most sensitive stage of the boot process (known as DXE, short for Driver Execution Environment).

3. Scope and Impact:

   • Hundreds of Windows and Linux computer models from virtually all hardware makers are vulnerable to LogoFAIL.
   • The attack can be remotely executed in post-exploit situations, using techniques that can’t be easily spotted by traditional endpoint security products.
   • Exploits run during the earliest stages of the boot process, bypassing defenses like Secure Boot and similar protections designed to prevent bootkit infections.

4. Affected Parties:

   • Participating companies include UEFI suppliers (AMI, Insyde, Phoenix), device manufacturers (Lenovo, Dell, HP), and CPU makers (Intel, AMD, ARM).
   • Links to advisories and vulnerability designations are available in the original research².

5. Protection and Mitigation:

   • If you’re concerned about LogoFAIL, consider the following steps:
     • Update your firmware: Check for security patches provided by your device manufacturer.
     • Prevent unauthorized access: Ensure that attackers cannot gain access to the EFI System Partition (ESP) where the logo image is stored³.

Remember, LogoFAIL is not a virus but rather a set of vulnerabilities that allow attackers to bypass security measures and install malicious software during the boot process⁴. Stay vigilant and keep your devices secure!

 

 

[Sir Beregond]

  On 14/04/2024 at 05:35, UltraMega said:

LogoFAIL is a set of security vulnerabilities affecting different image parsing libraries used in the system firmware by various vendors during the device boot process. It impacts devices by placing malicious code inside an image file that is parsed during boot, leading to persistence¹. Here are some key points about LogoFAIL:

1. What Is LogoFAIL?

   • LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have existed for years, if not decades, in Unified Extensible Firmware Interfaces (UEFIs) responsible for booting modern devices running Windows or Linux.
   • These vulnerabilities allow malicious firmware execution early in the boot-up sequence, making infections nearly impossible to detect or remove using current defense mechanisms².
   • The attack is dubbed LogoFAIL by the researchers who devised it.

2. How It Works:

   • LogoFAIL involves hardware seller logos displayed on the device screen during the boot process while the UEFI is still running.
   • Image parsers in UEFIs from major vendors are riddled with roughly a dozen critical vulnerabilities that have gone unnoticed until now.
   • By replacing legitimate logo images with identical-looking ones specially crafted to exploit these bugs, LogoFAIL enables the execution of malicious code at the most sensitive stage of the boot process (known as DXE, short for Driver Execution Environment).

3. Scope and Impact:

   • Hundreds of Windows and Linux computer models from virtually all hardware makers are vulnerable to LogoFAIL.
   • The attack can be remotely executed in post-exploit situations, using techniques that can’t be easily spotted by traditional endpoint security products.
   • Exploits run during the earliest stages of the boot process, bypassing defenses like Secure Boot and similar protections designed to prevent bootkit infections.

4. Affected Parties:

   • Participating companies include UEFI suppliers (AMI, Insyde, Phoenix), device manufacturers (Lenovo, Dell, HP), and CPU makers (Intel, AMD, ARM).
   • Links to advisories and vulnerability designations are available in the original research².

5. Protection and Mitigation:

   • If you’re concerned about LogoFAIL, consider the following steps:
     • Update your firmware: Check for security patches provided by your device manufacturer.
     • Prevent unauthorized access: Ensure that attackers cannot gain access to the EFI System Partition (ESP) where the logo image is stored³.

Remember, LogoFAIL is not a virus but rather a set of vulnerabilities that allow attackers to bypass security measures and install malicious software during the boot process⁴. Stay vigilant and keep your devices secure!

 

 

Expand  

Thanks ChatGPT!

[UltraMega]

  On 14/04/2024 at 14:26, Sir Beregond said:

Thanks ChatGPT!

Expand  

Hey, it's useful for summaries if nothing else.