Nov 16, 2021
0 0

High severity BIOS flaws affect numerous Intel processors

Written by

New Microsoft emergency updates fix Windows Server auth issues
7 million Robinhood user email addresses for sale on hacker forum
FBI system hacked to email ‘urgent’ warning about fake cyberattacks
High severity BIOS flaws affect numerous Intel processors
New Rowhammer technique bypasses existing DDR4 memory defenses
Emotet malware is back and rebuilding its botnet via TrickBot
Alibaba ECS instances actively hijacked by cryptomining malware
High severity BIOS flaws affect numerous Intel processors
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Search Redirect
Remove the Search Redirect
Remove the Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
Intel has disclosed two high-severity vulnerabilities that affect a wide range of Intel processor families, allowing threat actors and malware to gain higher privilege levels on the device.
The flaws were discovered by SentinelOne and are tracked as CVE-2021-0157 and CVE-2021-0158, and both have a CVSS v3 score of 8.2 (high).
The former concerns the insufficient control flow management in the BIOS firmware for some Intel processors, while the latter relies on the improper input validation on the same component.
These vulnerabilities could lead to escalation of privilege on the machine, but only if the attacker had physical access to vulnerable devices.
The affected products, according to Intel’s advisory, are the following:
Intel hasn’t shared many technical details around these two flaws, but they advise users to patch the vulnerabilities by applying the available BIOS updates.
This is particularly problematic because motherboard vendors do not release BIOS updates often and don’t support their products with security updates for long.
Considering that 7th gen Intel Core processors came out five years ago, it’s doubtful that MB vendors are still releasing security BIOS updates for them.
As such, some users will be left with no practical way to fix the above flaws.
Unfortunately, setting a BIOS password won’t fully protect you from this attack, as the flaws can also be exploited remotely if the attacker has a foothold on the system.
Assaf Carlsbad of SentinelOne told BleepingComputer:
The vulnerabilities we found are LPE bugs that allow attackers to escalate their privileges to SMM. SMM code is considered to be highly privileged and is usually isolated from the “outside world”. To achieve this isolation, SMM code runs from its own memory space known as SMRAM which is neither readable nor writable by the OS.
Using the vulnerabilities we discovered, attackers running with OS-level privileges can trigger corruption of SMRAM memory in a controlled manner. By leveraging the memory corruption, they can eventually get to a point where they are able to install a BIOS-level implant, thus gaining a very stable and stealthy persistence on the infected device.
A third flaw for which Intel released a separate advisory on the same day is CVE-2021-0146, also a high-severity (CVSS 7.2) elevation of privilege flaw.
“Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.” – Intel’s advisory
This bug affects the following products:
Intel has released a firmware update to mitigate this flaw, and users will get it through patches supplied by the system manufacturer.
Positive Technologies, who discovered and reported the bug to Intel, says that the flaw could allow threat actors to gain access to highly sensitive information.

“One example of a real threat is lost or stolen laptops that contain confidential information in encrypted form,” says Mark Ermolov.
“Using this vulnerability, an attacker can extract the encryption key and gain access to information within the laptop. The bug can also be exploited in targeted attacks across the supply chain.”
“For example, an employee of an Intel processor-based device supplier could, in theory, extract the Intel CSME firmware key and deploy spyware that security software would not detect.”
Positive Technologies says that the flaw also affects several car models that use the Intel Atom E3900, including the Tesla Model 3.
Users should apply a BIOS update from the device vendor to address this flaw, so check your manufacturer’s website regularly.
Remember, it’s always a good idea to backup your data on a separate system or removable media before applying any of these patches, as there’s always a chance of something going wrong with the update.These flaws mainly impact systems in industrial and corporate environments exposed to physical access by many people.
As for the cars, this should be exploitable only by service points and car mechanics who will access the vehicle’s internals.
Windows 11 to only support one Intel 7th gen CPU, no AMD Zen 1 CPUs
New Windows security updates break network printing
Zero-day bug in all Windows versions gets free unofficial patch
AMD fixes dozens of Windows 10 graphics driver security bugs
Magniber ransomware gang now exploits Internet Explorer flaws in attacks
I think it's funny Intel managed to skip their 8th and 9th gen CPU's with these vulnerabilities. I wonder if we'll end up seeing other security issues with those processors posted at a later date.
Not a member yet? Register Now
New Microsoft emergency updates fix Windows Server auth issues
Emotet malware is back and rebuilding its botnet via TrickBot
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


Article Categories:
Cybersecurity News

Comments are closed.