Security exploit possibly in Intel 8 series UEFI common codes
A security flaw is recently exposed in certain systems and a motherboard manufacturer. The exploit called ‘ThinkPwn’ is a low-level access where the attacker can bypass the victim’s Windows security features. It allows the hacker to insert a malicious code in the CPU’s privileged System Management Mode (SSM). Once accessed, the user can easily turn off secure boot and other such features.
The exploit ‘ThinkPwm’ is found in Intel-based systems made by HP and Lenovo. It was also found in some Gigabyte motherboards. These include models such as Z77X-UD5H, Z68-UD3H, Z87MX-D3H and Z97-D3H. Dmytro Oleksiuk talked about this security flaw last week but did not advise any of the manufacturers. Rather, it was shared via Twitter.
Lenovo’s security advisory
While HP, Intel and Gigabyte did not issue any advisory yet, Lenovo responded quickly. The company said that its team is made aware once the researcher posted about it via social media. They wanted to work with Dmytro but he did not respond. In the meantime, the company is investigating. The vulnerability is in the SMM code made their Independent BIOS vendors. It’s a standard procedure for IBVs use the common code for the UEFI provided by chipmakers like Intel and AMD. Lenovo assured they did not develop the vulnerability and trying to find its the original author. Currently, the company is working with all of its three IBVs and Intel.
Reason for the presence of exploits with countless UEFI motherboards
He said that the vulnerability could be in the codes used in Intel 8-series chipsets. Eventually, it was fixed in mid-2014 but Intel did not provide any advisories to the companies. Hence, the Independent BIOS vendors and motherboards makers couldn’t have known about it. It would awfully be nice of Dmytro if he can work with Lenovo and others to identify and find a patch quickly.
Its likely that it may involve multiple PC and motherboard makers which will take a while to get affected UEFI patched. As a suggestion, be on a lookout for an update BIOS.
(Thanks for the tip, Abhay Masand!)