topic Re: Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack in Threats https://community.isc2.org/t5/Threats/Just-about-every-Windows-and-Linux-device-vulnerable-to-new/m-p/65217#M997 <P>A good example of the double-edge sword of "softening" firmware through UEFI. Sure, you can update/patch it easily, which means, so too can malware. What UEFI has essentially done is to set standard procedure for malware recovery to "buy a new laptop."</P><P>&nbsp;</P><P>That said, to pull off this other other attacks would require an initial compromise of the OS (so that it could then update UEFI). Granted that is not a huge hurdle given the range of vulnerabilities.</P><P>&nbsp;</P> Fri, 08 Dec 2023 13:17:04 GMT JoePete 2023-12-08T13:17:04Z Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack https://community.isc2.org/t5/Threats/Just-about-every-Windows-and-Linux-device-vulnerable-to-new/m-p/65203#M996 <P>Hi All</P><P>&nbsp;</P><P>An interesting technique which affects Windows and Linux devices due to LogoFAIL firmware attack.</P><P>&nbsp;</P><P><A href="https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/" target="_blank">https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/</A></P><P>&nbsp;</P><P>A nice comprehensive explanation.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 07 Dec 2023 21:38:13 GMT https://community.isc2.org/t5/Threats/Just-about-every-Windows-and-Linux-device-vulnerable-to-new/m-p/65203#M996 Caute_cautim 2023-12-07T21:38:13Z Re: Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack https://community.isc2.org/t5/Threats/Just-about-every-Windows-and-Linux-device-vulnerable-to-new/m-p/65217#M997 <P>A good example of the double-edge sword of "softening" firmware through UEFI. Sure, you can update/patch it easily, which means, so too can malware. What UEFI has essentially done is to set standard procedure for malware recovery to "buy a new laptop."</P><P>&nbsp;</P><P>That said, to pull off this other other attacks would require an initial compromise of the OS (so that it could then update UEFI). Granted that is not a huge hurdle given the range of vulnerabilities.</P><P>&nbsp;</P> Fri, 08 Dec 2023 13:17:04 GMT https://community.isc2.org/t5/Threats/Just-about-every-Windows-and-Linux-device-vulnerable-to-new/m-p/65217#M997 JoePete 2023-12-08T13:17:04Z