UEFI firmware updates for "BIOS Extreme Privilege Escalation"

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

UEFI firmware updates for "BIOS Extreme Privilege Escalation"

Jochen Spieker
Hi,

Not strictly Linux-related but I guess many of us need to patch their
systems:

http://support.lenovo.com/us/en/product_security/uefi_edk2

At least X230s, X240(s), T430 and T440(s) are affected. Many others
still have the status "Researching" so you might want to check again
later when you have one of those systems.

J.
--
I throw away plastics and think about the discoveries of future
archeologists.
[Agree]   [Disagree]
                 <http://www.slowlydownward.com/NODATA/data_enter2.html>

signature.asc (853 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: UEFI firmware updates for "BIOS Extreme Privilege Escalation"

Martin Schuster (IFKL IT OS DS CD)
On 2014-10-22 21:41, Jochen Spieker wrote:
> [...]
> Not strictly Linux-related but I guess many of us need to patch their
> systems:
>
> http://support.lenovo.com/us/en/product_security/uefi_edk2
>
Thanks Jochen!

Does someone know if this is as bad as the description on
http://www.kb.cert.org/vuls/id/552286
makes it sound ("A local authenticated attacker may be able to execute
arbitrary code with the privileges of system firmware"), or does it
require actual root-access to exploit?

cheers,
--
Infineon Technologies IT-Services GmbH     [hidden email]
Lakeside B05, 9020 Klagenfurt, Austria     Martin Schuster
          FB: LG Klagenfurt, FN 246787y     +43 5 1777 3517


smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: UEFI firmware updates for "BIOS Extreme Privilege Escalation"

Jochen Spieker
Martin Schuster (IFKL IT OS DC CD):

> On 2014-10-22 21:41, Jochen Spieker wrote:
>> [...]
>> Not strictly Linux-related but I guess many of us need to patch their
>> systems:
>>
>> http://support.lenovo.com/us/en/product_security/uefi_edk2
>>
> Thanks Jochen!
>
> Does someone know if this is as bad as the description on
> http://www.kb.cert.org/vuls/id/552286
> makes it sound ("A local authenticated attacker may be able to execute
> arbitrary code with the privileges of system firmware"), or does it
> require actual root-access to exploit?
This presentation assumes local admin privileges to exploit the issue:

https://www.mitre.org/publications/technical-papers/presentation-extreme-privilege-escalation-on-windows-8uefi-systems

It also mentions that a new Windows 8 API is necessary. I have no idea
whether a pure !Windows system may be exploitable as well.

J.
--
I am no longer prepared to give you the benefit of the doubt.
[Agree]   [Disagree]
                 <http://www.slowlydownward.com/NODATA/data_enter2.html>

signature.asc (853 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: UEFI firmware updates for "BIOS Extreme Privilege Escalation"

Matthew Garrett
On Thu, Oct 23, 2014 at 11:27:07PM +0200, Jochen Spieker wrote:
> This presentation assumes local admin privileges to exploit the issue:
>
> https://www.mitre.org/publications/technical-papers/presentation-extreme-privilege-escalation-on-windows-8uefi-systems
>
> It also mentions that a new Windows 8 API is necessary. I have no idea
> whether a pure !Windows system may be exploitable as well.

There's nothing Windows-specific about this, but there's no existing API
in Linux that you could use to exploit it. If an attacker can execute
arbitrary kernel code then they can still take advantage of it.

--
Matthew Garrett | [hidden email]
--
The linux-thinkpad mailing list home page is at:
http://mailman.linux-thinkpad.org/mailman/listinfo/linux-thinkpad
Loading...