PixieFAIL - vulnerabilities in the UEFI firmware network stack used for PXE boot

Nine vulnerabilities, collectively codenamed PixieFAIL, have been identified in UEFI firmware based on the open TianoCore EDK2 platform, which is commonly used on server systems. The vulnerabilities are in the firmware network stack used to organize network boot (PXE). The most dangerous of them allow an unauthenticated attacker to execute code remotely at the firmware level on systems that permit PXE booting over an IPv6 network.

The less dangerous problems lead to denial of service, information leakage, DNS poisoning, and TCP hijacking. Most of the vulnerabilities can be exploited from the local network, but some can also be attacked from an external network. A typical attack scenario comes down to monitoring traffic on a local network and sending specially crafted packets when activity related to booting a system via PXE is detected. Access to the boot server or the DHCP server is not required. Prototype exploits have been published to demonstrate the attack technique.

UEFI firmware based on the TianoCore EDK2 platform is used by many large companies, cloud providers, data centers and computing clusters. In particular, the vulnerable NetworkPkg module with the PXE boot implementation is used in firmware developed by ARM, Insyde Software (Insyde H20 UEFI BIOS), American Megatrends (AMI Aptio OpenEdition), Phoenix Technologies (SecureCore), Intel, Dell and Microsoft (Project Mu). The vulnerabilities were also believed to affect the ChromeOS platform, whose repository contains an EDK2 package, but Google stated that this package is not used in firmware for Chromebooks and that the ChromeOS platform is not affected by the problem.

Identified vulnerabilities:

  • CVE-2023-45230 - A buffer overflow in the DHCPv6 client code, exploited by passing an overly long server identifier (Server ID option).
  • CVE-2023-45234 - A buffer overflow when processing an option with DNS server parameters passed in a message announcing the presence of a DHCPv6 server.
  • CVE-2023-45235 - A buffer overflow when processing the Server ID option in DHCPv6 proxy announcement messages.
  • CVE-2023-45229 - An integer underflow that occurs when processing IA_NA/IA_TA options in DHCPv6 messages announcing a DHCP server.
  • CVE-2023-45231 - An out-of-bounds data leak that occurs when processing ND Redirect (Neighbor Discovery) messages with truncated option values.
  • CVE-2023-45232 - An infinite loop when parsing unknown options in the Destination Options header.
  • CVE-2023-45233 - An infinite loop when parsing the PadN option in the packet header.
  • CVE-2023-45236 - Use of predictable TCP sequence seeds, which allows wedging into a TCP connection.
  • CVE-2023-45237 - Use of a weak pseudo-random number generator that produces predictable values.
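
The Server ID overflows in the list above come from trusting the length field of a DHCPv6 option. The following added example (not EDK2 code and not the vendor patch) shows the checks a defensive option walker needs before copying a Server ID into fixed storage; the structure, function names and result codes are hypothetical, and the sample packet builder produces constructed test input only.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DHCP6_OPT_SERVERID 2    /* option code, RFC 8415 */
#define DHCP6_HDR_LEN      4    /* msg-type (1) + transaction-id (3) */
#define MAX_DUID_LEN       130  /* RFC 8415: 2-byte type + at most 128 bytes */
enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_BAD_LEN = -2, PARSE_NOT_FOUND = -3 };

/* Hypothetical destination: fixed-size storage for the server DUID. */
struct server_id { uint16_t len; uint8_t duid[MAX_DUID_LEN]; };

/* Walk the option TLVs and copy the Server ID only after the packet
 * bounds and the destination size have both been checked. */
int extract_server_id(const uint8_t *pkt, size_t pkt_len, struct server_id *out)
{
    if (pkt_len < DHCP6_HDR_LEN)
        return PARSE_TRUNCATED;
    size_t off = DHCP6_HDR_LEN;
    while (off < pkt_len) {
        if (pkt_len - off < 4)                  /* no room for code + length */
            return PARSE_TRUNCATED;
        uint16_t code = (uint16_t)(pkt[off] << 8 | pkt[off + 1]);
        uint16_t len  = (uint16_t)(pkt[off + 2] << 8 | pkt[off + 3]);
        off += 4;
        if (len > pkt_len - off)                /* declared length overruns packet */
            return PARSE_TRUNCATED;
        if (code == DHCP6_OPT_SERVERID) {
            if (len < 3 || len > MAX_DUID_LEN)  /* does not fit the fixed buffer */
                return PARSE_BAD_LEN;
            memcpy(out->duid, pkt + off, len);
            out->len = len;
            return PARSE_OK;
        }
        off += len;                             /* skip options we do not need */
    }
    return PARSE_NOT_FOUND;
}

/* Constructed sample: Advertise (type 2) with one zero-filled Server ID. */
size_t build_sample(uint8_t *buf, size_t cap, uint16_t duid_len)
{
    if (cap < 8u + duid_len) return 0;
    memset(buf, 0, 8u + duid_len);
    buf[0] = 2;                                 /* msg-type: Advertise */
    buf[5] = DHCP6_OPT_SERVERID;                /* option code, big-endian */
    buf[6] = (uint8_t)(duid_len >> 8);
    buf[7] = (uint8_t)duid_len;
    return 8u + duid_len;
}
```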

Information about the vulnerabilities was submitted to CERT/CC on August 3, 2023, and the disclosure date was set for November 2. However, because a coordinated patch release across many vendors was needed, the disclosure date was first pushed back to December 1, then moved again to December 12 and December 19, 2023, and disclosure finally took place on January 16, 2024. At the same time, Microsoft asked for publication of the information to be postponed until May.

Source: opennet.ru
