HomeCyber AttacksThe LogoFAIL vulnerability permits picture file assaults in your machine

The LogoFAIL vulnerability permits picture file assaults in your machine


Readers assist help Home windows Report. We might get a fee in the event you purchase by way of our hyperlinks.

Learn our disclosure web page to seek out out how will you assist Home windows Report maintain the editorial staff Learn extra

AMD companions began rolling out firmware updates to repair the LogoFAIL vulnerability. To do that, they upgraded AGESA (AMD Generic Encapsulated Software program Structure) to model 1.2.0.B. As well as, they added a patch for the LogoFAIL UEFI vulnerability. On prime of that, Aorus Elite V2 and Gigabyte B550 obtained the replace final month.

Asus, MSI, and ASRock are additionally beginning to roll the LogoFAIL UEFI vulnerability patch. Nevertheless, the AMD firmware is a bit late in updating. In spite of everything, Intel began releasing patches in December 2023.

How does the LogoFAIL vulnerability work?

In response to Kaspersky, the LogoFAIL vulnerability (CVE-2023-40238) permits menace actors to use the method of customizing boot logos on computer systems. While you flip your PC on, the UEFI firmware begins first and shows the producer’s emblem.

See also  Menace Actors Focusing on Microsoft SQL Servers to Deploy FreeWorld Ransomware

You need to use the characteristic to vary your emblem. Nevertheless, it additionally permits hackers to do it. Thus, they will entry your PC earlier than the OS begins and achieve management over it. On prime of that, they will do it remotely and use UEFI bootkits.

Hackers can exploit the LogoFAIL vulnerability to switch system information and run malicious codes with the very best privileges. On prime of that, the malware can nonetheless exist after reinstalling the OS and changing the laborious drive.

Cybercriminals can set off the vulnerability by altering the decision of the Boot picture. Consequently, they trigger a calculation error. By way of it, they will inject malicious code right into a reminiscence space for an executable code.

Some producers like Lenovo, Intel, and Acer let you change your Boot emblem. So, they make it simpler for hackers to assault your machine. Additionally, some security options, like Intel Boot Guard and AMD {Hardware}-Validated Boot, don’t defend you in opposition to the LogoFAIL vulnerability as a result of it occurs earlier than the boot.

See also  Quickly, Microsoft would require Azure customers to make use of MFA

The UEFI firmware permits the utilization of a number of picture codecs akin to BMP, GIF, JPEG, PCX, PNG, and TGA. Consequently, there are extra probabilities for menace actors to assault your system.

Finally, AMD methods began to roll updates to patch the LogoFAIL vulnerability late. Additionally, it’s laborious to do away with it. Nevertheless, some methods, akin to Apple laptops or Dell units, don’t allow a Boot emblem change or have many restrictions.

What are your ideas? Do you know that you can change your Boot emblem? Tell us within the feedback.


See also  New Ymir Ransomware Exploits Reminiscence for Stealthy Attacks; Targets Company Networks

- Advertisment -spot_img
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular