PixieFail, The Brand New UEFI Infection To Worry About
Five Vendors’ PXE Network Boot Implementations Are Scarily Vulnerable
PixieFail is a set of new UEFI vulnerabilities that affect devices running ARM, Insyde, AMI, Phoenix Technologies, or Microsoft’s implementation of PXE, otherwise known as netboot. The UEFI needs to be set up with IPv6, but unfortunately the attacker doesn’t need physical access to the system to take advantage of PixieFail. All they need is access to your network and a program that allows them to view and capture traffic and then inject packets.
Once they have network access, they can cause any machine on the network, up to and including servers, to install malicious code into its UEFI. As we have sadly learned, once a system is infected, no antivirus software will be able to detect the malicious code, and a reboot or reimage will not help at all. Look for BIOS updates and plan some downtime for your servers, as the ease of implementation on your cloud is rather terrifying.
The vulnerabilities, which collectively have been dubbed PixieFail by the researchers who discovered them, pose a threat mostly to public and private data centers and possibly other enterprise settings.