On December 6th a suite of Common Vulnerabilities and Exposures (CVEs) was presented by the Binarly REsearch team during the European Black Hat 2023 conference. Dubbed “LogoFAIL”, the attack was demonstrated by the researchers on computers with customizable boot logos: such machines can be compromised through specially crafted images designed to exploit these vulnerabilities. Many vendors use custom boot images, but in most circumstances these are hard-coded and not replaceable. Some vendors (Lenovo, Acer, and Intel) do not lock this feature down and allow users to upload their own custom image. This is the route the researchers took when demonstrating the exploit. If done properly, the malicious image is indistinguishable from the original unless special tools are used to analyze the image hash. Additionally, since the exploit occurs outside of the operating system, reinstalling the OS and even replacing the hard drive will not remove it. As long as the malicious image exists, the computer is compromised again with every single boot. Due to the severity of this exploit, impacted vendors have begun releasing statements. So far only Lenovo and Intel have released statements (linked below); Acer has not at the time of this post.
- Lenovo
- Acer: No advisory released
- Intel
Researchers at Binarly are still in the process of compiling a complete list of all impacted manufacturers and devices. We expect this list to be extensive once completed, as more light is shed on the possibilities of this exploit. Palante recommends that any individual using a Windows device from a major manufacturer perform a BIOS update ASAP. Please review the links below for instructions on how to perform a BIOS update, as each manufacturer has its own unique method.
- Lenovo
- Acer
- Intel
Please Note: If you’re performing a BIOS update on a laptop, ensure that the machine has a fully charged battery and is plugged in during the process. Any interruption in the update process can have SEVERE negative consequences, up to and including rendering the device inoperable. During this process the computer screen might go black and your computer may appear to have powered down; this is part of the process and should NOT be interrupted.
If you’re a Palante MSP customer please reach out to support@palantetech.coop! We’ll walk you through the entire update process from start to finish to ensure your machine is protected and answer any questions you might have.
LogoFAIL is the collective name for the CVEs listed below:
CVE-2023-5058, CVE-2023-39538, CVE-2023-39539, CVE-2023-40238