Intel SPI Flash Flaw Lets Attackers Alter or Delete BIOS/UEFI Firmware

  • 0 Replies
  • 463 Views
*

Offline Bugbatter

  • Microsoft® MVP
  • Administrator
  • Diamond Member
  • 10626

Intel has addressed a vulnerability in the configuration of several CPU series that allow an attacker to alter the behavior of the chip's SPI Flash memory —a mandatory component used during the boot-up process.

According to Lenovo, who recently deployed the Intel fixes, "the configuration of the system firmware device (SPI flash) could allow an attacker to block BIOS/UEFI updates, or to selectively erase or corrupt portions of the firmware."

Lenovo engineers say "this would most likely result in a visible malfunction, but could in rare circumstances result in arbitrary code execution."

Continued: https://www.bleepingcomputer.com/news/security/intel-spi-flash-flaw-lets-attackers-alter-or-delete-bios-uefi-firmware/

Microsoft MVP Consumer Security 2006-2016
Microsoft Windows Insider MVP 2016-