Security firm Binarly has discovered more than 20 vulnerabilities hiding in BIOS/UEFI software from a wide range of system vendors, including Intel, Microsoft, Lenovo, Dell, Fujitsu, HP, HPE, Siemens, and Bull Atos.
Binarly found the issues were associated with the use of InsydeH20, a framework code used to build motherboard unified extensible firmware interfaces (UEFI), the interface between a computer’s operating system and firmware.
All of the aforementioned vendors used Insyde’s firmware SDK for motherboard development. It is expected that similar types of vulnerabilities exist in other in-house and third-party BIOS-vendor products as well.
Leave a Reply