Tag

Pixiefail

All articles tagged with #pixiefail

firmware-security-vulnerability · 2 years ago

"UEFI Vulnerabilities Pose Widespread Threat to Computer Security"

Multiple security vulnerabilities dubbed PixieFail have been disclosed in the TCP/IP network protocol stack of the open-source reference implementation of the UEFI specification, impacting UEFI firmware from major vendors. These flaws could lead to remote code execution, denial-of-service attacks, DNS cache poisoning, and data leakage. The vulnerabilities, identified by Quarkslab, are present in the TianoCore EFI Development Kit II (EDK II) and could be exploited by attackers within the local network or remotely, depending on the firmware build and default PXE boot configuration.

cybersecurity · 2 years ago

"Critical UEFI Vulnerabilities Shake Firmware Development Ecosystem"

Firmware from five leading UEFI suppliers has been found to contain vulnerabilities, collectively dubbed PixieFail, that allow attackers with network access to infect connected devices with malware at the firmware level. The vulnerabilities, residing in functions related to IPv6 in the TianoCore EDK II implementation, can be exploited through the PXE mechanism used in data centers. Attackers can plant UEFI-controlled backdoors in servers without needing physical access, posing a significant threat to data centers and cloud environments.

technology · 2 years ago

"PixieFail Vulnerabilities Expose UEFI PXE Boot Flaws in Enterprise Systems"

A set of nine vulnerabilities, known as PixieFail, has been discovered in the PXE network boot process, affecting TianoCore's EDK II, a widely used UEFI implementation in enterprise systems. These flaws, which were disclosed to impacted vendors, can lead to denial of service, information disclosure, remote code execution, DNS cache poisoning, and network session hijacking. The vulnerabilities impact various major tech companies and BIOS providers, and while patches for the first seven flaws are available, the disclosure date has been postponed because multiple vendors faced complexities in fixing the issues.