Headline
CVE-2023-31100: Security Notifications - Phoenix Technologies - Leading PC Innovation since 1979
Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4:
- from 4.3.0.0 before 4.3.0.203
from
4.3.1.0 before 4.3.1.163
from
4.4.0.0 before 4.4.0.217
from
4.5.0.0 before 4.5.0.138
Phoenix Technologies SPI SMM Driver Vulnerability
November 14, 2023
CVE-2023-31100
Phoenix Technologies has been notified by IOActive researchers of a security issue in its SecureCore Technology SPI SMM Driver that could allow unauthorized access to the SPI flash on some platforms.
Read More »
The BlackLotus Campaign
October 26, 2023
Microsoft Incident Report | CVE-2022-21894
In April 2023, cybersecurity researchers at Microsoft identified a dangerous UEFI bootkit (CVE-2022-21894), dubbed “BlackLotus”. It operates at computer startup, compromising systems and disabling OS security mechanisms.
Read More »
Sunburst and SolarWinds Data Breach
January 7, 2021
Alert (AA20-352A) – US-Cert – CISA
In December 2020, cybersecurity researchers at FireEye discovered and reported a supply chain attack on SolarWinds software.
Read More »
WinFlash and WinFlash32 Drivers
August 3, 2019
CVE-2019-18279
In May 2019, Phoenix was contacted by researchers from Eclypsium about a security concern regarding our WinFlash and WinFlash32 drivers.
Read More »
LoJax Rootkit
September 27, 2018
On September 27, 2018, security researchers from ESET publicly disclosed the discovery of a UEFI rootkit named “LoJax” that was “found in the wild.”
Read More »
AMD Silicon (MASTERKEY, RYZENFALL, FALLOUT and CHIMERA)
March 13, 2018
CVE-2018-8930, CVE-2018-8931, CVE-2018-8932, CVE-2018-8933, CVE-2018-8934, CVE-2018-8935, CVE-2018-8936
On March 13, 2018, security researchers from CTS Labs publicly disclosed vulnerabilities discovered in certain AMD silicon, named MASTERKEY, RYZENFALL, FALLOUT, and CHIMERA. Phoenix’s UEFI firmware is not vulnerable to these attacks.
Read More »
Related news
Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: * from 4.3.0.0 before 4.3.0.203 * from 4.3.1.0 before 4.3.1.163 * from 4.4.0.0 before 4.4.0.217 * from 4.5.0.0 before 4.5.0.138
It's unclear why the NSA issued in-depth mitigation guidance for the software boot threat now, but orgs should take steps to harden their environments.
The U.S. National Security Agency (NSA) on Thursday released guidance to help organizations detect and prevent infections of a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus. To that end, the agency is recommending that "infrastructure owners take action by hardening user executable policies and monitoring the integrity of the boot partition." BlackLotus is an advanced
Microsoft has rolled out Patch Tuesday updates for May 2023 to address 38 security flaws, including one zero-day bug that it said is being actively exploited in the wild. Trend Micro's Zero Day Initiative (ZDI) said the volume is the lowest since August 2021, although it pointed out that "this number is expected to rise in the coming months." Of the 38 vulnerabilities, six are rated Critical and
Summary Summary Today, Microsoft is releasing CVE-2023-24932, and associated configuration guidance, to address a Secure Boot bypass vulnerability used by the BlackLotus bootkit to exploit CVE-2022-21894. Customers will need to closely follow the configuration guidance to fully protect against this vulnerability. This vulnerability allows an attacker to execute self-signed code at the Unified Extensible Firmware Interface (UEFI) level while Secure Boot is enabled.
BlackLotus is the first in-the-wild malware to exploit a vulnerability in the Secure Boot process on Windows, and experts expect copycats and imminent increased activity.
By Deeba Ahmed Security firm ESET’s cybersecurity researchers have shared their analysis of the world’s first UEFI bootkit being used in… This is a post from HackRead.com Read the original post: BlackLotus UEFI bootkit Can Bypass Secure Boot on Windows
A stealthy Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus has become the first publicly known malware capable of bypassing Secure Boot, making it a potent threat in the cyber landscape. "This bootkit can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled," Slovak cybersecurity company ESET said in a report shared with The Hacker News. UEFI
In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019.