VU#457458: Vendor-signed UEFI applications found vulnerable to Secure Boot bypass
Multiple vendor-signed UEFI applications are susceptible to a Secure Boot bypass attack. This exploit allows attackers to execute arbitrary code during the early pre-boot phase. The vulnerability leverages "Bring Your Own Vulnerable Driver" (BYOVD) techniques. If a system trusts the vendor's certificate, attackers can compromise the firmware before the operating system loads. The UEFI standard requires signed applications and drivers for Secure Boot. Attackers can exploit UEFI applications with specific functionalities to circumvent these security policies. Researchers identified various UEFI applications from vendors like Acer, AMD, and ASUS as vulnerable. These applications possess capabilities to manipulate memory or load raw drivers. The impact is significant, allowing for persistent platform compromise and evasion of security tools. To mitigate this risk, system administrators must update the UEFI Forbidden Signature Database (DBX). This action revokes trust in the vulnerable binaries. Additionally, applying vendor-provided firmware and software updates is crucial. These updates replace vulnerable applications with secure versions. Updating the DBX prevents the execution of these compromised applications.