Cert advisories regarding BIOS vulnerabilities: - Vulnerability Note VU#976132
- Vulnerability Note VU#766164
- Vulnerability Note VU#533140
I have NOT tested any of the updates/tools listed below - just providing what information I could find
These are the vendors that are known to be affected at this time. However, it’s not known whether other large vendors may be vulnerable
American Megatrends Incorporated - no information on their website about a fix
- try using the Firmware Update Tool
Phoenix Technologies - no information on their website about a fix
- BIOSAgentPlus may work
Intel site has link to an update, plus additional details regarding the vulnerability
Insyde Software Corporation - no information on their website about a fix. Vendor states that issue was fixed in releases from week 49 of 2012.
Additional Reading (in your spare time of course!)
- My KPMG Forensic Focus Article: Corruption at the Computer’s Core: Reducing the Risk of BIOS-attacking Malware
- PC World Article on the vulnerabilities:Firmware flaws could allow a malicious reflash, US CERT warns
Thank You !! Awesome Blog.
ReplyDeleteGreat knowledge with good concept about cyber security.
I would like to share some useful links for Cyber Security Certification and Cyber Security Tutorial.