June 21, 2024 at 12:30PM A new UEFI firmware vulnerability (CVE-2024-0762, CVSSv3: 7.5) disclosed by Eclypsium affects Phoenix Technologies’ UEFI firmware, potentially impacting various Intel chip families back to Kaby Lake. Exploiting a Trusted Platform Module (TPM) configuration flaw, it poses a threat despite having a TPM in the device. Mitigations and patches have been … Read more
June 20, 2024 at 05:32PM A new vulnerability, CVE-2024-0762, in Phoenix SecureCore UEFI firmware impacts devices running various Intel CPUs. Dubbed ‘UEFICANHAZBUFFEROVERFLOW,’ the flaw, discovered by Eclypsium, affects the firmware’s TPM configuration, posing a code execution risk. Lenovo has released new firmware, with the potential for hundreds of models’ impacted. Secure Boot in UEFI firmware … Read more
June 20, 2024 at 05:10PM A critical vulnerability, CVE-2024-0762 “UEFIcanhazbufferoverflow,” affecting Intel processors has been detailed by Eclypsium researchers. The flaw in UEFI firmware may allow attackers to gain unauthorized access and execute malicious code. The widespread impact on various PC models running SecureCore firmware adds complexity to patching efforts, leaving organizations vulnerable until fixes … Read more
June 20, 2024 at 09:33AM A high-severity vulnerability, CVE-2024-0762 (dubbed UEFIcanhazbufferoverflow), was found in Phoenix Technologies’ SecureCore UEFI firmware, affecting multiple Intel processors. Eclypsium discovered the security hole, warning of potential escalation of privileges and code execution. Phoenix has addressed the issue, with device manufacturers deploying patches. Lenovo is also releasing fixes for affected computers. … Read more