Remotely Exploitable 'PixieFail' Flaws Found in Tianocore EDK II PXE Implementation

Bug hunters at French security research firm Quarkslab have found multiple serious vulnerabilities in EDK II, the de facto open-source reference implementation of the UEFI specification, and warn of a risk of remote code execution attacks.
In a research paper published after a months-long disclosure process, Quarkslab said the vulnerabilities are present in the network stack of EDK II and can be exploited during the network boot process.
Quarkslab said the vulnerable module is used beyond Tianocore's EDK II UEFI implementation and the NetworkPkg PXE stack: multiple vendors, including Microsoft, Arm, Insyde, Phoenix Technologies and American Megatrends, are also using it.
Quarkslab chief technology officer Ivan Arce said he confirmed the vulnerable code in Microsoft's Project Mu adaptation of Tianocore's EDK II.
Quarkslab released proof-of-concept code to trigger the first seven vulnerabilities and allow defenders to produce detection signatures to spot infection attempts.
The CERT Coordination Center is expected to publish a notice with a comprehensive list of affected vendors, and guidance to deploy fixes and mitigations.


This Cyber News was published on www.securityweek.com. Publication date: Tue, 16 Jan 2024 14:43:11 +0000

