Vulnerabilities in UEFI firmware based on the InsydeH2O framework allow code execution at the SMM level

In the InsydeH2O framework, used by many manufacturers to build UEFI firmware for their devices (the most widely used UEFI BIOS implementation), 23 vulnerabilities have been identified that allow code execution at the SMM (System Management Mode) level, which has higher privileges (Ring -2) than hypervisor mode and protection ring zero, and has unrestricted access to all memory. The problem affects UEFI firmware used by manufacturers such as Fujitsu, Siemens, Dell, HP, HPE, Lenovo, Microsoft, Intel and Bull Atos.

Exploiting the vulnerabilities requires local access with administrator rights, which makes these issues relevant as second-stage vulnerabilities, used after exploiting another vulnerability in the system or after social engineering. Access at the SMM level allows execution of code at a level that is not controlled by the operating system, which can be used to modify the firmware and leave hidden malicious code or rootkits in SPI Flash that the operating system cannot see, as well as to disable verification at the boot stage (UEFI Secure Boot, Intel BootGuard) and to attack hypervisors in order to bypass the mechanisms that check the integrity of virtual environments.


The vulnerabilities can be exploited from the operating system through unverified SMI (System Management Interrupt) handlers, as well as at the stage before the operating system runs, during early boot or when resuming from sleep. All of the vulnerabilities are caused by memory-safety problems and fall into three categories:

  • SMM Callout - execution of the attacker's own code with SMM privileges by redirecting the execution of SWSMI interrupt handlers to code located outside SMRAM;
  • Memory corruption that allows an attacker to write their data into SMRAM, the special isolated memory area in which code is executed with SMM privileges;
  • Memory corruption in code running at the DXE (Driver eXecution Environment) level.
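The first two categories above share one root cause: an SMI handler trusts an address supplied by the operating system, either writing through it (so the write lands inside SMRAM) or calling through it (so execution leaves SMRAM). The following C model, added here as an illustration and not code from the article, from Insyde or from any vendor firmware, shows the bounds checks a handler needs before it touches OS-supplied data. The SMRAM window, the communication-buffer layout and the handler itself are hypothetical; real firmware reads the SMRAM range from the chipset.

```c
/* Added example: validating OS-supplied addresses inside an SMI handler.
 * Everything below is a hypothetical model for illustration, not real
 * firmware code. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical SMRAM window (TSEG-like). Real values come from the chipset. */
#define SMRAM_BASE 0x7F000000ULL
#define SMRAM_SIZE 0x00800000ULL /* 8 MiB */

/* True if [addr, addr + len) lies entirely outside SMRAM and does not wrap.
 * An OS-supplied destination that overlaps SMRAM must be rejected, otherwise
 * the handler would write attacker data into SMRAM (category two above). */
bool buffer_outside_smram(uint64_t addr, uint64_t len)
{
    if (len == 0)
        return false;                 /* empty range: nothing to validate */
    if (addr > UINT64_MAX - len)
        return false;                 /* addr + len would wrap around */
    uint64_t end = addr + len;        /* exclusive upper bound */
    uint64_t smram_end = SMRAM_BASE + SMRAM_SIZE;
    return end <= SMRAM_BASE || addr >= smram_end;
}

/* A function pointer the handler is about to call must live INSIDE SMRAM.
 * Calling through a pointer that resolves outside SMRAM is the "SMM callout"
 * pattern (category one above), because the OS controls that memory. */
bool pointer_inside_smram(uint64_t addr)
{
    return addr >= SMRAM_BASE && addr < SMRAM_BASE + SMRAM_SIZE;
}

/* Communication buffer the OS hands to the hypothetical handler. */
typedef struct {
    uint64_t dst; /* where the caller asks for data to be written */
    uint64_t len; /* how many bytes */
} comm_buf_t;

enum { SMI_OK = 0, SMI_REJECT_BUFFER = 1, SMI_REJECT_CALLOUT = 2 };

/* Hardened handler: the request is taken by value, so the copy being checked
 * sits on the SMM stack inside SMRAM and the OS cannot change its fields
 * between the check and the use. Validation happens before any write or
 * indirect call. */
int smi_handler(comm_buf_t req, uint64_t callback_addr)
{
    if (!buffer_outside_smram(req.dst, req.len))
        return SMI_REJECT_BUFFER;
    if (!pointer_inside_smram(callback_addr))
        return SMI_REJECT_CALLOUT;
    /* Only here would real code copy data to req.dst and call the callback. */
    return SMI_OK;
}

int main(void)
{
    comm_buf_t ok      = { 0x1000, 0x100 };               /* constructed: normal OS buffer */
    comm_buf_t inside  = { SMRAM_BASE + 0x100, 0x10 };    /* constructed: points into SMRAM */
    comm_buf_t overlap = { SMRAM_BASE - 0x10, 0x20 };     /* constructed: straddles SMRAM start */
    comm_buf_t wrap    = { UINT64_MAX - 0x10, 0x20 };     /* constructed: addr + len wraps */

    printf("normal buffer, callback in SMRAM:  %d\n", smi_handler(ok, SMRAM_BASE + 0x2000));
    printf("buffer inside SMRAM:               %d\n", smi_handler(inside, SMRAM_BASE + 0x2000));
    printf("buffer straddling SMRAM:           %d\n", smi_handler(overlap, SMRAM_BASE + 0x2000));
    printf("buffer that wraps the address space: %d\n", smi_handler(wrap, SMRAM_BASE + 0x2000));
    printf("callback outside SMRAM (callout):  %d\n", smi_handler(ok, 0x2000));
    return 0;
}
```

The wrap-around case matters as much as the plain overlap: a length chosen so that `addr + len` overflows can make a naive `end <= SMRAM_BASE` comparison pass, so the check tests for overflow before computing the end of the range.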

To demonstrate the principles of such an attack, an example exploit has been published that allows an attacker operating from the third or zero protection ring to gain access to DXE Runtime UEFI and execute their own code. The exploit manipulates a stack overflow (CVE-2021-42059) in a UEFI DXE driver. During the attack, the attacker can place their code in the DXE driver, where it remains active after the operating system restarts, or make changes to the NVRAM area of SPI Flash. Once running, the attacker's code can modify privileged memory areas, alter EFI Runtime services, and interfere with the boot process.

Source: opennet.ru
