News Week Ending March 27, 2022


HP UEFI Firmware Patch
by Artie Kaye

To start with, what is UEFI?

UEFI (Unified Extensible Firmware Interface) is the successor to the BIOS (Basic Input/Output System) on motherboards. It is the program that tells the motherboard how to work with the various hardware connected to it.

Because UEFI exists outside of any operating system that may be installed on the machine, it has a higher level of access over what gets installed or run. UEFI does have security measures in place to make sure that nothing malicious is activated; however, the flaws that HP has patched can circumvent those.

Hewlett Packard released a bulletin regarding security flaws in its products. These flaws can allow programs to gain the highest level of access to the machine, allowing them to execute malware without detection. Anyone using an HP computer should get their machine’s firmware patched to avoid the worst-case scenarios. This is not an optional update; this is a critical update. Contact your tech people and get on this.

https://www.tomsguide.com/news/hp-bios-uefi-updates-0322

Linux Vulnerability
by Artie Kaye

Linux also shared in the vulnerability problems plaguing the industry this March. Researchers have discovered a major threat to Linux users called Dirty Pipe. This is a flaw in the kernel which can allow untrusted users to create new user accounts with the highest level of access, overwrite read-only data, or outright hijack the system. This vulnerability is also present in Android-based Linux kernels. Version 5.8 is the first version of the Linux kernel that had this vulnerability present. It has been fixed in versions 5.16.11, 5.15.25, and 5.10.102.

This flaw is listed as CVE-2022-0847.
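
For anyone triaging an inventory of machines, here is an added example (not from the article or the kernel project) that classifies `uname -r` style strings against the versions given above. It assumes final 5.17 and later releases carry the fix, which the article does not state, and it reads only the upstream version number, so a distribution kernel with a backported fix can still show as affected and should be checked against the vendor's advisory.

```python
import re

# From the article: first affected release and the fixed stable releases.
FIRST_AFFECTED = (5, 8)
FIXED_IN = {(5, 10): 102, (5, 15): 25, (5, 16): 11}
# Assumption (not in the article): final 5.17 and later include the fix.
FIRST_FIXED_MAINLINE = (5, 17)


def parse_release(release):
    """Return (major, minor, patch) from a `uname -r` style string."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def dirty_pipe_status(release):
    """Classify one kernel release string for CVE-2022-0847."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch < FIRST_AFFECTED:
        return "not affected"
    if branch == FIRST_FIXED_MAINLINE and "-rc" in release:
        # Release candidates of the first fixed series are not evaluated.
        return "unknown (pre-release build)"
    if branch >= FIRST_FIXED_MAINLINE:
        return "fixed"
    if branch in FIXED_IN:
        return "fixed" if patch >= FIXED_IN[branch] else "affected"
    # 5.8, 5.9 and 5.11-5.14: the article lists no fixed release.
    return "affected (no fixed release listed)"


def triage(releases):
    """Map each release string to its status."""
    return {r: dirty_pipe_status(r) for r in releases}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = ["4.19.0-18-amd64", "5.8.0-63-generic", "5.10.101",
              "5.15.25", "5.16.10", "5.17.0-rc2", "6.1.55"]
    for rel, status in triage(sample).items():
        print(f"{rel:20} {status}")
```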

https://arstechnica.com/information-technology/2022/03/linux-has-been-bitten-by-its-most-high-severity-vulnerabi