
Intel BIOS Guard and PPAM firmware compromised: Multiple vulnerabilities enable privilege escalation

by admin

A security warning issued for Intel BIOS Guard and PPAM firmware has received an update from the BSI. You can check which systems and products are affected by the security vulnerability here on news.de.

The Federal Office for Information Security (BSI) published a security advisory for Intel BIOS Guard and PPAM firmware on May 14, 2024. The vulnerability affects the operating system BIOS/firmware as well as the products Dell Computer, HP BIOS, HP Computer, Lenovo Computer and Intel Firmware. This alert was last updated on May 15, 2024.

The latest manufacturer recommendations regarding updates, workarounds and security patches for this vulnerability can be found here: HP Security Bulletin HPSBHF03936 (as of May 8, 2024). Other useful links are listed later in this article.

Security Notice for Intel BIOS Guard and PPAM Firmware – Risk: medium

Risk level: 5 (medium)
CVSS Base Score: 7.2
CVSS Temporal Score: 6.9
Remote attack: No

The Common Vulnerability Scoring System (CVSS) is used to assess the severity of vulnerabilities in computer systems. The CVSS standard makes it possible to compare potential or actual security vulnerabilities based on various metrics in order to better prioritize countermeasures. The attributes “none”, “low”, “medium”, “high” and “critical” are used to determine the severity levels of a vulnerability. The Base Score evaluates the requirements for an attack (including authentication, complexity, privileges, user interaction) and its consequences. The Temporal Score also takes changes over time in the threat situation into account. The severity of the vulnerability discussed here is rated as “medium” according to the CVSS with a base score of 7.2.

Intel BIOS Guard and PPAM Firmware Bug: Multiple vulnerabilities enable privilege escalation

Firmware is software that is permanently embedded in devices and provides basic functions.

A local attacker can exploit multiple vulnerabilities in Intel BIOS Guard and PPAM firmware to elevate their privileges.

The vulnerabilities were classified using the CVE (Common Vulnerabilities and Exposures) referencing system with the individual serial numbers CVE-2023-27504, CVE-2023-28383 and CVE-2023-28402.

Systems affected by the security vulnerability at a glance

Systems
BIOS/Firmware

Products
Dell Computer (cpe:/o:dell:dell_computer)
HP BIOS (cpe:/h:hp:bios)
HP Computer (cpe:/h:hp:pc)
Lenovo Computer (cpe:/h:lenovo:pc)
Intel Firmware BIOS Guard (cpe:/a:intel:firmware)
Intel Firmware PPAM Firmware (cpe:/a:intel:firmware)

General measures for dealing with IT security vulnerabilities

Users of the affected systems should keep them up to date. When security vulnerabilities become known, manufacturers are required to fix them as quickly as possible by developing a patch or a workaround. If new security updates become available, install them promptly. For information, consult the sources listed in the next section. These often contain further information about the latest version of the software in question as well as the availability of security patches or information about workarounds. If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should regularly check the sources mentioned to see whether a new security update is available.

Sources of updates, patches and workarounds

Here you will find further links with information about bug reports, security fixes and workarounds.

HP Security Bulletin HPSBHF03936 from 2024-05-08 (15.05.2024)
For more information, see:

Lenovo Security Advisory LEN-158632 from 2024-05-15 (14.05.2024)
For more information, see:

Dell Security Advisory DSA-2023-449 from 2024-05-14 (14.05.2024)
For more information, see:

Dell Security Advisory DSA-2024-199 from 2024-05-14 (14.05.2024)
For more information, see:

Intel Security Advisory INTEL-SA-00814 from 2024-05-14 (14.05.2024)
For more information, see:

Version history of this security alert

This is the 2nd version of this IT security notice for Intel BIOS Guard and PPAM firmware. If further updates are announced, this article will be updated. You can see the changes made using the version history below.

May 14, 2024 – Initial version
May 15, 2024 – New updates from HP added

+++ Editorial note: This text was generated based on current BSI data and will be updated in a data-driven manner depending on the warning situation. We accept feedback and comments at [email protected]. +++

kns/roj/news.de
