Bad news for millions of Windows and Linux users! Their devices may be at risk. Cyber security researchers made a statement that worried users. According to research, there is a flaw that affects almost every Windows and Linux-powered machine in use today. Here are the details…
Windows and Linux users are under cyber threat!
Security researchers at Binarly conducted a study that concerns many Windows and Linux users. According to the results of the research, they detected a flaw called LogoFAIL. This flaw allows threat actors to run malicious code on the endpoint. This makes almost all antivirus and endpoint protection tools useless.
Regardless of the computer you have, the first thing you see when you start the computer is the device manufacturer’s logo. Unified Extensible Firmware Interface (UEFI) is still working while the logo is displayed. Researchers claim that UEFI has been vulnerable to nearly two dozen flaws for years. The attacker exploits this flaw by chaining this image. It can also replace this image with a different image that may contain malicious code.
Attackers are going to great lengths to avoid raising any suspicions. The image is designed exactly the same as the original. Still, UEFI reads and executes the code hosted there. The code is executed early in the boot phase. Considering this situation, unfortunately no security features and antivirus programs can flag it.
Devices thought to be vulnerable to LogoFAIL include the entire x64 and ARM CPU ecosystem. Also included in UEIF are suppliers AMI, Insyde, Phoenix, device manufacturers lenovo, Dell HP, CPU devices Intel and AMD. So what should users do against this threat? Security patches are already available. However, these patches vary from manufacturer to manufacturer. Users are encouraged to find the relevant alert document and learn how to fix the vulnerability.
{{user}} {{datetime}}
{{text}}