UEFI firmware from top manufacturers has some serious issues

There’s a way to install malware on hundreds of servers at once

The Unified Extensible Firmware Interface (UEFI), a set of routines that boot an operating system, carries almost a dozen vulnerabilities which, when chained together, can be used to deploy malware at firmware level.

This is according to a new report from Quarkslab, who detailed the flaws and published a proof-of-concept.

The flaws were found in functions related to IPv6 and can be exploited in the Preboot Execution Environment (PXE), when configured to use IPv6. As the environment is often dubbed Pixieboot, the researchers named the vulnerability PixieFail. Pixieboot, as Ars Technica explains, is a mechanism usually used by enterprises to boot up large numbers of devices, such as servers. In such scenarios, the OS is not located on the endpoint itself, but rather on a central server. The devices that are booting up use the Dynamic Host Configuration Protocol to look for the server and then request the OS image.

Patches in the works

In theory, if a person has even the slightest access to the target network (such as a low-level employee, a customer with a cloud account, or a hacker with pre-installed malware or access to customer accounts), they can use it to get the endpoints to download a malicious firmware image instead of the clean one.

The vulnerabilities are tracked as CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, and CVE-2023-45237.

Arm, AMI, Insyde, Phoenix Technologies, and Microsoft were all said to be vulnerable to PixieFail. The makers are currently pushing updates to their customers, Ars Technica added, saying that some have already released their patches. AMI, for example, has released a patch, while Microsoft is currently “taking appropriate action”.

Other manufacturers, including Arm, Insyde, and Phoenix, are yet to make a statement.

While this vulnerability seems to be affecting corporate users most, some researchers are saying that even private users and regular consumers should patch up the flaw as soon as the fixes become available.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.