Security researchers have discovered a serious vulnerability in the Unified Extensible Firmware Interface (UEFI) used by motherboards from ASUS, Gigabyte, MSI, and ASRock. This flaw allows attackers with physical access to compromise system memory during the initial boot phase, even before the operating system begins to load.
The problem stems from a flaw in the initialization of memory protections during the initial boot process. Modern systems use Direct Memory Access (DMA) to allow certain devices to interact directly with memory. A memory firewall called the Input/Output Memory Management Unit (IOMMU) is supposed to block unauthorized access, but on the affected motherboards, the firmware incorrectly reports that the protections are active before the IOMMU is fully configured. This makes it easy for a malicious DMA-enabled device, such as an unauthorized PCIe card, to read or modify system memory undetected.
Because this attack occurs before secure boot and operating system defenses are activated, an intruder could extract sensitive data, alter configurations, or inject malicious code that persists after a reboot. Although physical access is required, the vulnerability poses a serious risk in enterprise environments, shared workstations, and other high-security settings.
Manufacturers are expected to release firmware updates to address the issue. Experts recommend applying the updates immediately and enabling all available firmware security features to reduce exposure. This discovery highlights how vulnerabilities in the deeper stages of the boot process can provide attackers with a stealthy entry point into systems previously considered secure.
SOURCE: BLEEPINGCOMPUTER
Be the first to comment