CVE-2025-4275: Insyde H2O UEFI Vulnerability Enables Certificate Injection via Unprotected NVRAM Variable

A vulnerability in Insyde H2O UEFI firmware allows attackers to inject digital certificates via unprotected NVRAM variables, bypassing Secure Boot protections. This flaw can enable malicious code execution during early boot, posing significant security risks to affected systems. #InsydeH2O #UEFIvulnerability

Key points

  • A vulnerability exists in Insyde H2O UEFI firmware involving unprotected NVRAM variables.
  • Attackers can inject malicious digital certificates to bypass Secure Boot restrictions.
  • This allows malicious code to execute during early system startup, before OS security measures activate.
  • Firmware updates from vendors are required to mitigate this security risk.
  • The vulnerability affects multiple PC models across various OEM and ODM devices.
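
A defender-side audit for the condition described above, as an added example that is not from the advisory or from Insyde: it takes variables in the Linux efivarfs layout (4-byte attribute header, then data) and lists persistent, runtime-accessible variables that hold a certificate but carry no authenticated-write attribute. The variable names, GUID and payloads are constructed, and the certificate detection is a heuristic assumption.

```python
import struct
import uuid

# UEFI specification variable attribute bits.
NON_VOLATILE = 0x01
RUNTIME_ACCESS = 0x04
AUTH_BITS = 0x10 | 0x20 | 0x80  # count-based, time-based, enhanced authenticated write

# EFI_CERT_X509_GUID: SignatureType of an EFI_SIGNATURE_LIST holding X.509 certificates.
EFI_CERT_X509 = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072").bytes_le


def holds_certificate(data: bytes) -> bool:
    """Heuristic: payload starts with an X.509 signature list or a DER SEQUENCE."""
    return data[:16] == EFI_CERT_X509 or data[:2] == b"\x30\x82"


def audit(entries: dict) -> list:
    """entries maps 'Name-GUID' to raw efivarfs file content.

    efivarfs prefixes each variable's data with its 32-bit little-endian attributes.
    Returns names of certificate-bearing variables that persist, are reachable from
    the running OS, and carry no authenticated-write attribute.
    """
    findings = []
    for name, raw in sorted(entries.items()):
        if len(raw) < 4:
            continue  # too short to carry the attribute header
        (attrs,) = struct.unpack_from("<I", raw)
        persistent_rt = (attrs & NON_VOLATILE) and (attrs & RUNTIME_ACCESS)
        if persistent_rt and not (attrs & AUTH_BITS) and holds_certificate(raw[4:]):
            findings.append(name)
    return findings


# Constructed sample data; names and GUID are hypothetical, not taken from the advisory.
GUID = "11111111-2222-3333-4444-555555555555"
# EFI_SIGNATURE_LIST: type, list size 64, header size 0, signature size 36,
# then one signature = 16-byte owner GUID + 20-byte dummy DER blob.
SIG_LIST = EFI_CERT_X509 + struct.pack("<III", 64, 0, 36) + b"\x00" * 16 + b"\x30\x82" + b"\x00" * 18
SAMPLES = {
    f"ExampleTrustedCert-{GUID}": struct.pack("<I", 0x07) + SIG_LIST,   # NV+BS+RT, no auth
    f"ExampleAuthDb-{GUID}": struct.pack("<I", 0x27) + SIG_LIST,        # NV+BS+RT + time-based auth
    f"ExampleBootOrder-{GUID}": struct.pack("<I", 0x07) + b"\x00\x00",  # unauthenticated, no cert
    f"ExampleVolatileCert-{GUID}": struct.pack("<I", 0x06) + SIG_LIST,  # BS+RT only, not persistent
}

if __name__ == "__main__":
    for name in audit(SAMPLES):
        print("review:", name)
```

Attributes do not show whether firmware locks a variable by other means, so results are candidates for review against the vendor's advisory rather than confirmed findings.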

Read More: https://kb.cert.org/vuls/id/211341