CVE-2018-12176 Intel NUC BIOS Vulnerability (Windows 10)

Intel processors have been the victim of attackers and CVE-2018-12176 Intel NUC BIOS Vulnerability is a new threat in this series. The impact of this “vulnerability” is very high which affects the denial of service, information disclosure, and escalation of privilege. The inappropriate input validation in the firmware for Intel NUC kits normally let attackers patch the UEFI/BIOS. They patch BIOS or UEFI with unsigned updates and place arbitrary code. The security researchers Embedi have evolved a proof of concept to operate the BIOS/UEFI on several Intel NUCs.

 

So, Embedi security researchers are with a view that for an attack, you need to have access to the Intel NUC as well as administrative rights. Furthermore, this restricts the possibility of abuse – no hacking through the Internet. However, it opens up new approaches for manipulating hardware. Hence, if the attacker succeeds in gaining direct access to the devices, he can place a Trojan in the BIOS/UEFI. However, this would also survive a new installation of the OS. As a proof of concept, Embedi provides the below-given screenshot that displays a UEFI/BIOS message on the monitor.

CVE-2018-12176 Intel NUC BIOS Vulnerability (Windows 10)

CVE-2018-12176 Intel NUC BIOS Vulnerability

Following is the NUC systems list that Intel warns in the “Security Advisory INTEL-SA-00176” of the CVE-2018-12176 Intel NUC BIOS Vulnerability.

1) Intel® NUC Kit NUC7CJYH

2) Intel® NUC Kit NUC8i7HNK

3) Intel® Compute Card CD1M3128MK

4) Intel® Compute Card CD1IV128MK

5) Intel® Compute Card CD1P64GK

6) Intel® NUC Kit NUC7i7DNKE

7) Intel® NUC Kit NUC7i5DNKE

8) Intel® NUC Kit NUC7i3DNHE

9) Intel® NUC Kit NUC7i7BNH

10) Intel® NUC Kit NUC6CAYS

11) Intel® NUC Kit DE3815TYBE

12) Intel® NUC Kit NUC6i5SYH

13) Intel® NUC Kit NUC6i7KYK

14) Intel® NUC Kit NUC5PGYH

15) Intel® NUC Kit NUC5CPYH

16) Intel® NUC Kit NUC5i7RYH

17) Intel® NUC Kit NUC5i5MYHE

18) Intel® NUC Kit NUC5i3MYHE

19) Intel® NUC Kit DE3815TYBE

20) Intel® NUC Kit DN2820FYKH

21) Intel® NUC Kit D54250WYB

22) Intel® NUC Kit D53427RKE

23) Intel® NUC Kit D33217GKE

24) Intel® Compute Stick STK2mv64CC

25) Intel® Compute Stick STK2m3W64CC

26) Intel® Compute Stick STK1AW32SC

27) Intel® Compute Stick STCK1A32WFC.

To mitigate the vulnerability, the company has rolled out firmware updates for all the affected Intel Compute Sticks and NUCs. But the point of concern is that the company has rated it as very high – like 8.2 out of 10 possible points. See List of All Intel Microcode Updates for Windows 10.

To find the details and updates, you can visit the Security Advisory INTEL-SA-00176.

Source – Born’s Tech.

Tagged with 
           

  • Use Ashampoo Spectre Meltdown CPU Checker to Check Vulnerability
  • How to Check and Fix Meltdown and Spectre CPU Vulnerabilities in Windows 10
  • How to Protect Chrome from Meltdown and Spectre Vulnerabilities

  • Related Articles
  • KB4476976 Windows 10 1809 17763.292 for Testing
  • KB4023057 is Rolled Out Again to Fix 0x80070643 in Windows 10
  • Windows 10 Build 18317 Details


  • Leave a Reply

    Your email address will not be published. Required fields are marked *