OVERVIEW

A severe vulnerability, tracked as CVE-2024-0762, has been found in Phoenix SecureCore UEFI firmware, affecting a broad range of Intel-powered computers. This flaw allows local attackers to escalate privileges and execute arbitrary code within the firmware during runtime. 

CVE-2024-0762 stems from an unsafe call to the GetVariable UEFI service, leading to an exploitable stack buffer overflow. This issue specifically affects the UEFI code handling Trusted Platform Module (TPM) configuration, rendering TPM security ineffective against this flaw. Please see the following technical details:  

  • Impacted Intel Processor Families 
    • Alder Lake 
    • Coffee Lake 
    • Comet Lake 
    • Ice Lake 
    • Jasper Lake 
    • Kaby Lake 
    • Meteor Lake 
    • Raptor Lake 
    • Rocket Lake 
    • Tiger Lake 
  • Impacted Devices 
    • Various models from:  
      • Lenovo 
      • Acer 
      • Dell 
      • HP 
      • and potentially many others 
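
The bug class named above, a fixed stack buffer filled through GetVariable, comes down to how the in/out size parameter is handled. The C sketch below is an added illustration, not code from Phoenix or from this notice, and it does not reproduce the vulnerable firmware. The simplified types, the mock service and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins for UEFI types and status codes (assumptions, so the
   example builds outside a firmware toolchain). */
typedef size_t UINTN;
typedef int EFI_STATUS;
enum { EFI_SUCCESS = 0, EFI_BUFFER_TOO_SMALL = 5 };

/* Constructed variable store: one variable whose length the caller of
   SetMockVar controls, as an OS-level writer of a UEFI variable would. */
static unsigned char g_var[64];
static UINTN g_var_len;
void SetMockVar(UINTN len) {
    g_var_len = len > sizeof g_var ? sizeof g_var : len;
    memset(g_var, 'A', g_var_len);
}

/* Mock of the GetVariable contract: *DataSize is the buffer capacity on
   entry and the stored (or required) length on return. */
static EFI_STATUS MockGetVariable(UINTN *DataSize, void *Data) {
    if (g_var_len > *DataSize) {
        *DataSize = g_var_len;        /* required size, NOT the capacity */
        return EFI_BUFFER_TOO_SMALL;
    }
    memcpy(Data, g_var, g_var_len);
    *DataSize = g_var_len;
    return EFI_SUCCESS;
}

/* Hardened read: the size always comes from the real buffer, and
   BUFFER_TOO_SMALL is an error, never a cue to retry with the returned
   size into the same fixed buffer. */
EFI_STATUS ReadVarChecked(void *Buf, UINTN Capacity, UINTN *OutLen) {
    UINTN Size = Capacity;
    EFI_STATUS St = MockGetVariable(&Size, Buf);
    if (St != EFI_SUCCESS) return St;
    if (Size > Capacity) return EFI_BUFFER_TOO_SMALL; /* defence in depth */
    *OutLen = Size;
    return EFI_SUCCESS;
}

/* Caller with a fixed 16-byte stack buffer followed by a canary value. */
EFI_STATUS ReadConfigDemo(UINTN *OutLen, int *CanaryIntact) {
    struct { unsigned char buf[16]; unsigned canary; } f = { {0}, 0xC0FFEEu };
    EFI_STATUS St = ReadVarChecked(f.buf, sizeof f.buf, OutLen);
    *CanaryIntact = (f.canary == 0xC0FFEEu);
    return St;
}
```

When reviewing firmware source, the pattern to look for is any GetVariable call whose size argument is not freshly set from the destination buffer's real capacity immediately before the call.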

Phoenix Technologies has implemented fixes in their UEFI firmware. Lenovo and other manufacturers are actively releasing BIOS updates to address this vulnerability. While the vulnerability has not been exploited in the wild, it is highly recommended that all users apply the fixes/mitigations immediately. This kind of low-level vulnerability could provide attackers with persistent control and the ability to bypass higher-level security measures.  

 

 

AVERTIUM'S RECOMMENDATIONS

  • Users should check for and apply the latest firmware updates from their device manufacturers. 
  • Please see the Phoenix Technologies advisory for mitigation guidance.

 

 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2024-0762. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

HOW AVERTIUM IS PROTECTING OUR CUSTOMERS

  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. See every threat in your attack surface, every device, every entry point, and every vulnerability. Our Attack Surface Management services include:  
    • Risk Assessments 
    • Pen Testing and Social Engineering  
    • Infrastructure Architecture and Integration  
    • Zero Trust Network Architecture 
    • Vulnerability Management 
  • Fusion MXDR is the first MDR offering that fuses together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts.




 

SUPPORTING DOCUMENTATION

Phoenix Technologies Buffer Overflow Vulnerability in TPM Configuration - Phoenix Technologies - Leading PC Innovation since 1979 

Hundreds of PC, Server Models Possibly Affected by Serious Phoenix UEFI Vulnerability - SecurityWeek 

Intel-powered computers affected by serious firmware flaw (CVE-2024-0762) - Help Net Security 

 
