Thursday, December 7th 2023
LogoFAIL Vulnerability Affects Almost Every PC Running Windows and Linux
Binarly's research team has discovered a collection of security vulnerabilities known as "LogoFAIL", which affects image parsing components within the UEFI firmware of a wide array of devices. These vulnerabilities are especially concerning because they are embedded within the reference code provided by Independent BIOS Vendors (IBVs), affecting not just a single vendor but a broad spectrum of devices that utilize this code. LogoFAIL is particularly dangerous because it allows attackers to bypass crucial security measures such as Secure Boot and Intel Boot Guard by executing a payload during the device's boot process. This is achieved by storing malicious images on the EFI System Partition or within unsigned sections of firmware updates. This method can compromise system security deeply without altering the runtime integrity of the bootloader or firmware, unlike other threats such as BlackLotus or BootHole.
The potential reach of LogoFAIL vulnerability is rather wide, with millions of consumer and enterprise-grade devices from various vendors, including ones like Intel, Acer, and Lenovo, being vulnerable. The exact list of affected devices is still undetermined, but the prevalence of the IBVs' code across numerous devices suggests that the impact could be widespread, with both Windows and Linux users being affected. Only PCs that don't allow any logotype displayed in the UEFI during the boot process are safe. Apple's Macs are secure as they don't allow any add-on images during boot, and some OEM prebuilt PCs, like the ones from Dell, don't allow images in the UEFI. Some makers like Lenovo, AMI, and Insyde have already published notes about cautiously uploading custom images to the UEFI and providing BIOS updates. Consumers and enterprises must check with their OEMs and IBVs for BIOS microcode updates to patch against this vulnerability.Below, you can see the proof of concept in a YouTube video.
The potential reach of LogoFAIL vulnerability is rather wide, with millions of consumer and enterprise-grade devices from various vendors, including ones like Intel, Acer, and Lenovo, being vulnerable. The exact list of affected devices is still undetermined, but the prevalence of the IBVs' code across numerous devices suggests that the impact could be widespread, with both Windows and Linux users being affected. Only PCs that don't allow any logotype displayed in the UEFI during the boot process are safe. Apple's Macs are secure as they don't allow any add-on images during boot, and some OEM prebuilt PCs, like the ones from Dell, don't allow images in the UEFI. Some makers like Lenovo, AMI, and Insyde have already published notes about cautiously uploading custom images to the UEFI and providing BIOS updates. Consumers and enterprises must check with their OEMs and IBVs for BIOS microcode updates to patch against this vulnerability.Below, you can see the proof of concept in a YouTube video.