Uefi logo vulnerability

[Box Brownie]

Hi all

I spotted this mentioned on a BIOS update for my Z790 motherboard....and looked it up to read this.


LogoFAIL is not just another cybersecurity buzzword; it represents a tangible threat to the integrity of the UEFI code, impacting both x86 and ARM architectures. At the core of this vulnerability are the image parsing libraries responsible for displaying logos during the booting sequence.


None too clear of this is, though as it says above a "tangible threat", of the highest concern or not depending on PC usage ???

PS in the same update the Intel GNA is implemented but having read about it, it Intel have dropped it's implementation on the more recent chips?

 

[AndrewFlannigan]

There's a readable explanation of how this could be done here...

LogoFAIL attack via image substitution in UEFI

Researchers have found a way to attack computers through the logo image replacement mechanism in UEFI.

www.kaspersky.co.uk

It basically comes down to a stupid commercial decision by the EUFI coders - to allow changes to the code that was intended to display a manufacturer's logo on startup.

This is definitely a moment for

 

[Box Brownie]

There's a readable explanation of how this could be done here...

LogoFAIL attack via image substitution in UEFI

Researchers have found a way to attack computers through the logo image replacement mechanism in UEFI.

www.kaspersky.co.uk

It basically comes down to a stupid commercial decision by the EUFI coders - to allow changes to the code that was intended to display a manufacturer's logo on startup.

This is definitely a moment for

Interesting and may be best to update?

Though how many PC owners/users keep an eye on such BIOS updates.

FWIW mine was a self build and the boot logo/splash screen is the motherboard makers one

So, do you checked your BIOS update status?