VU#309662: Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass

Overview


A security feature bypass vulnerability exists in several third-party UEFI bootloaders that are signed with Microsoft's third-party UEFI certificate authority and are therefore trusted by most Secure Boot-enabled systems. An attacker who successfully exploits this vulnerability can bypass UEFI Secure Boot and execute unsigned code during the boot process, before the operating system loads.


Description


UEFI firmware is software written by vendors in the UEFI ecosystem to provide capabilities in the early start-up phases of a computer. Secure Boot is a UEFI feature that, when enabled, has the firmware verify the digital signature of each boot component (option ROMs, UEFI drivers, bootloaders) against the certificates and hashes enrolled in its signature databases (db, the allowed list, and dbx, the forbidden list) before executing it. Its purpose is to prevent malicious code from being loaded and executed early in the boot process, prior to the loading of the operating system.


Security researchers at Eclypsium have found three UEFI bootloaders, each signed and authenticated by Microsoft, that are vulnerable to a security feature bypass allowing an attacker to run unsigned code while Secure Boot is enabled. Because the bootloaders carry a valid Microsoft signature, the firmware's signature check passes and the bypass happens inside the trusted bootloader itself: one can be tricked via a custom installer (CVE-2022-34302), the other two via an EFI shell they expose (CVE-2022-34301 and CVE-2022-34303). An attacker does need to get the vulnerable bootloader onto the target, for example by writing it to the EFI System Partition, which requires administrative privileges or physical access. Because the unsigned code then executes before the operating system's (OS) boot process has started, it cannot be easily monitored by the OS or by common Endpoint Detection and Response (EDR) tools.


The following vendor-specific bootloaders were found vulnerable:


Inherently vulnerable bootloader (bypasses Secure Boot on its own):
  New Horizon Datasys Inc (CVE-2022-34302)

UEFI shell execution to bypass Secure Boot:
  CryptoPro Secure Disk (CVE-2022-34301)
  Eurosoft (UK) Ltd (CVE-2022-34303)
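Vulnerable signed bootloaders like these are revoked by adding their Authenticode SHA-256 hashes (or the signing certificate) to the firmware's dbx forbidden-signatures database. The following script, added here as an illustration and not code from CERT/CC, Eclypsium or any of the vendors named above, parses a dbx blob in the UEFI EFI_SIGNATURE_LIST format and reports whether a given hash is revoked, so an administrator can confirm that a dbx update has actually reached the firmware. It assumes a Linux host with efivarfs mounted at /sys/firmware/efi/efivars (Windows users would read the same variable with Get-SecureBootUEFI -Name dbx); when the variable is not readable it falls back to a constructed sample dbx whose hashes are made up for the example and are not the hashes of the bootloaders in this note. Note that the hash you check must be the PE Authenticode hash of the bootloader, which is not a plain SHA-256 of the file; computing that hash is outside the scope of this example.

```python
"""Parse the UEFI dbx (forbidden signatures database) and check whether a
bootloader's SHA-256 Authenticode hash has been revoked.

The EFI_SIGNATURE_LIST layout is from the UEFI specification. The sample
dbx at the bottom and its hashes are constructed for this example and are
not the hashes of the bootloaders named in the advisory.
"""
import hashlib
import os
import struct
import uuid
from typing import Iterator, List, Optional, Set, Tuple

# Signature-type GUIDs from the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# Vendor GUIDs of the variables read from efivarfs on Linux.
EFI_IMAGE_SECURITY_DATABASE_GUID = "d719b2cb-3d84-4baf-a3c8-c8d6cc10bd0f"  # db, dbx
EFI_GLOBAL_VARIABLE_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"          # SecureBoot

# EFI_SIGNATURE_LIST header: SignatureType (GUID), SignatureListSize,
# SignatureHeaderSize, SignatureSize (UINT32 each, little-endian).
_LIST_HDR = struct.Struct("<16sIII")


def iter_signatures(blob: bytes) -> Iterator[Tuple[uuid.UUID, uuid.UUID, bytes]]:
    """Yield (signature_type, owner, data) for each EFI_SIGNATURE_DATA entry in
    a blob of back-to-back EFI_SIGNATURE_LISTs. Sizes are validated so that a
    truncated or corrupt variable raises instead of being silently misread."""
    off = 0
    while off < len(blob):
        if len(blob) - off < _LIST_HDR.size:
            raise ValueError(f"truncated EFI_SIGNATURE_LIST header at offset {off}")
        type_raw, list_size, hdr_size, sig_size = _LIST_HDR.unpack_from(blob, off)
        sig_type = uuid.UUID(bytes_le=type_raw)
        body_start = off + _LIST_HDR.size + hdr_size
        body_end = off + list_size
        if list_size < _LIST_HDR.size + hdr_size or body_end > len(blob):
            raise ValueError(f"bad SignatureListSize {list_size} at offset {off}")
        if sig_size <= 16 or (body_end - body_start) % sig_size:
            raise ValueError(f"bad SignatureSize {sig_size} at offset {off}")
        for pos in range(body_start, body_end, sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])  # SignatureOwner
            yield sig_type, owner, blob[pos + 16:pos + sig_size]  # SignatureData
        off = body_end


def revoked_sha256_hashes(dbx: bytes) -> Set[str]:
    """Lower-case hex SHA-256 hashes listed in dbx. X.509 entries (revocations
    of a whole signing certificate) are skipped here."""
    return {data.hex() for t, _, data in iter_signatures(dbx) if t == EFI_CERT_SHA256_GUID}


def is_revoked(dbx: bytes, sha256_hex: str) -> bool:
    """True if the given Authenticode SHA-256 hash is present in dbx."""
    return sha256_hex.lower() in revoked_sha256_hashes(dbx)


def build_signature_list(sig_type: uuid.UUID, owner: uuid.UUID, entries: List[bytes]) -> bytes:
    """Serialise one EFI_SIGNATURE_LIST; used only to construct the sample dbx."""
    sig_size = 16 + len(entries[0])
    if any(len(e) != sig_size - 16 for e in entries):
        raise ValueError("all entries in one list must have the same size")
    body = b"".join(owner.bytes_le + e for e in entries)
    return _LIST_HDR.pack(sig_type.bytes_le, _LIST_HDR.size + len(body), 0, sig_size) + body


def read_efivar(name: str, vendor_guid: str) -> Optional[bytes]:
    """Read a UEFI variable through Linux efivarfs. The first 4 bytes of the
    file are the variable attributes, not data. Returns None if unavailable."""
    path = f"/sys/firmware/efi/efivars/{name}-{vendor_guid}"
    if not os.path.exists(path):
        return None
    with open(path, "rb") as f:
        return f.read()[4:]


def secure_boot_enabled() -> Optional[bool]:
    """Secure Boot state from the SecureBoot variable; None if not readable."""
    data = read_efivar("SecureBoot", EFI_GLOBAL_VARIABLE_GUID)
    return None if not data else data[0] == 1


# --- constructed sample data (placeholder owner GUID, made-up hashes) -------
SAMPLE_OWNER = uuid.UUID("12345678-1234-5678-1234-567812345678")
HASH_A = hashlib.sha256(b"constructed revoked bootloader A").digest()
HASH_B = hashlib.sha256(b"constructed revoked bootloader B").digest()
HASH_OK = hashlib.sha256(b"constructed bootloader that was never revoked").digest()

SAMPLE_DBX = (
    build_signature_list(EFI_CERT_SHA256_GUID, SAMPLE_OWNER, [HASH_A, HASH_B])
    + build_signature_list(EFI_CERT_X509_GUID, SAMPLE_OWNER, [b"\x30\x82constructed-DER-placeholder"])
)

if __name__ == "__main__":
    dbx = read_efivar("dbx", EFI_IMAGE_SECURITY_DATABASE_GUID) or SAMPLE_DBX
    print("Secure Boot enabled:", secure_boot_enabled())
    print("SHA-256 entries in dbx:", len(revoked_sha256_hashes(dbx)))
    for label, h in (("A", HASH_A), ("B", HASH_B), ("never revoked", HASH_OK)):
        print(f"sample hash {label} revoked: {is_revoked(dbx, h.hex())}")
```

On a real system the dbx variable is usually tens of kilobytes and mixes SHA-256 lists with an occasional X.509 entry, which is why the parser walks every list rather than assuming a single one; a parse error on a live dbx is itself worth investigating, since firmware that accepts a malformed variable is a separate problem.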

Impact


An attacker who can place one of these signed bootloaders on a system (or boot it from removable media) can bypass Secure Boot at startup and execute arbitrary unsigned code before the operating system loads, outside the visibility of the OS and of EDR tools.
