Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation

January 16, 2024 at 09:12AM

Quarkslab discovered multiple critical vulnerabilities in the EDK II network stack, posing a risk of remote code execution attacks. These vulnerabilities, known as PixieFAIL, affect the PXE implementation, which is used by various vendors, including Microsoft. Quarkslab released proof-of-concept code for the vulnerabilities and expects the CERT Coordination Center to provide guidance on fixes and mitigations.

From the meeting notes:

– French security research firm Quarkslab found multiple serious vulnerabilities in EDK II, the open source reference implementation of the UEFI specification.
– The vulnerabilities are present in the network stack of EDK II and can be exploited during the network boot process.
– Nine vulnerabilities were identified, collectively named PixieFAIL.
– Quarkslab confirmed vulnerable code in Microsoft’s Project Mu adaptation of Tianocore’s EDK2.
– Quarkslab released proof-of-concept code to trigger the first seven vulnerabilities.
– The CERT Coordination Center will publish a notice with a comprehensive list of affected vendors and guidance to deploy fixes and mitigations.
