Intel, AMD, Microsoft and others could be at risk if UEFI flaw is left unpatched

A lock with the Insyde Software logo in it
(Image credit: Insyde, Andriy Onufriyenko)

Researchers at Binarly, a firmware protection company that looks into software vulnerabilities, has just found major flaws in the InsydeH2O UEFI firmware that could allow remote attackers admin privileges through the interface.

InsydeH2O's UEFI is the preferred boot software interface used by Microsoft, Intel, AMD, Lenovo, Asus, HP, and many other well known hardware vendors, as an alternative to legacy BIOS modes for booting up your machine.

Intel, one of the companies that's confirmed it's been affected, announced a while back that it planned to completely replace BIOS by 2020, which it did. Along with many other OEMs, the UEFI firmware was favoured due to its many advantages, including the ability to boot from larger drives, a slicker settings UI, and speedier boot times. One of the main benefits was is its ability to SecureBoot. 

For that reason, UEFI has been widely considered the safer boot option.

As Bleeping Computer highlights, the vulnerability discovered could allow attackers to gain admin privileges, and exploit the target PC in a few ways. These include the ability to invalidate hardware security features such as SecureBoot and Intel BootGuard, install persistent software that's hard to detect and erase, as well as create backdoors and communications channels to rob users of their personal data.

Altogether, 23 flaws were detected. Ten of these could allow some nasty so-and-so privilege escalation ability, twelve could have them exploiting your PC through memory corruption flaws in System Management Mode (SMM), and one is a memory corruption vulnerability inside the Driver eXecution Environment (DXE).

Your next machine

(Image credit: Future)

Best gaming PC: the top pre-built machines from the pros
Best gaming laptop: perfect notebooks for mobile gaming

Three of the flaws are even rated a 9.8 on the severity scale, which sounds... well, not great. But don't panic, it's getting sorted. It might involve some BIOS flashing at a later date, however.

“The root cause of the problem was found in the reference code associated with InsydeH2O firmware framework code,” the Binarly report states. But Insyde has rolled out updates to address the issue. OEMs will have to adopt the changes to ensure their machines are booting safely from now, but it could take some time for the changes to reach the public.

Katie Wickens
Hardware Writer

Screw sports, Katie would rather watch Intel, AMD and Nvidia go at it. Having been obsessed with computers and graphics for three long decades, she took Game Art and Design up to Masters level at uni, and has been rambling about games, tech and science—rather sarcastically—for four years since. She can be found admiring technological advancements, scrambling for scintillating Raspberry Pi projects, preaching cybersecurity awareness, sighing over semiconductors, and gawping at the latest GPU upgrades. Right now she's waiting patiently for her chance to upload her consciousness into the cloud.

Read more
Pipboy holds up an open padlock.
A BIOS update could be all that's stopping you or someone else from jailbreaking your old AMD CPU
ASRock X870 Steel Legend WiFi motherboard
Reddit reports of 9800X3D CPUs dying in ASRock motherboards are racking up fast, but a new BIOS update seemingly only addresses boot problems
Robert Hallock, VP of CCG at Intel, on stage at CES 2025.
Intel unveils second round of updates intended to bring Arrow Lake desktop chips up to expectations: 'our software for the 200S has reached full performance'
Microsoft Windows 11
If you installed Windows 11 with certain security updates and a USB stick, you may not get any more security updates warns Microsoft
MSI RTX 5090 Suprim in an open test bench
RTX 50-series black screen issues should finally be fixed this week in an official Nvidia driver update
Retro 1990s style beige desktop PC computer and monitor screen and keyboard. 3D illustration.
Microsoft nixes details of its Windows 11 TPM 2.0 security bypass though there are still other ways of getting the latest OS on 'unsupported' hardware
Latest in Processors
Texas Instruments MSPM0C1104 tiny chip
World's smallest microcontroller looks like I could easily accidentally inhale it but packs a genuine 32-bit Arm CPU
Intel engineers inspect a lithography machine
Finally some good vibes from Intel as stock jumps 15% on new CEO hire and Arizona fab celebrates 'Eagle has landed' moment for its 18A node
A photo of an Intel Core Ultra 9 285K processor surrounded by DDR5 memory sticks from Corsair, Kingston, and Lexar
Fresh leak suggests Intel's on-again-off-again Arrow Lake CPU refresh is back on the menu (boys)
 photo shows a factory tool that places lids on data center system-on-chips at an Intel fab in Chandler, Arizona, in December 2023. In February 2024, Intel Corporation launched Intel Foundry as the world’s first systems foundry for the AI era, delivering leadership in technology, resiliency and sustainability.
Return of the gigahertz wars: New Chinese transistor uses bismuth instead of silicon to potentially sock it to Intel and TSMC with 40% more speed
 photo shows a factory tool that places lids on data center system-on-chips at an Intel fab in Chandler, Arizona, in December 2023. In February 2024, Intel Corporation launched Intel Foundry as the world’s first systems foundry for the AI era, delivering leadership in technology, resiliency and sustainability.
So, wait, now TSMC is supposedly pitching a joint venture with Nvidia, AMD and Broadcom to run Intel's ailing chip fabs?
Pipboy holds up an open padlock.
A BIOS update could be all that's stopping you or someone else from jailbreaking your old AMD CPU
Latest in News
Man facing camera
The Day Before studio reportedly sues Russian website for calling infamous disaster-game a 'scam'
Will Poulter holding a CD ROM
'What are most games about? Killing': Black Mirror Season 7 includes a follow-up to 2018 interactive film Bandersnatch
Casper Van Dien in Starship Troopers
Sony, which is making a Helldivers 2 movie, is also making a new Starship Troopers movie, but it's not based on the Starship Troopers movie we already have
Assassin's Creed meets PUBG
Ubisoft is reportedly talking to Tencent about creating a new business entity to manage Assassin's Creed and other big games
Resident Evil Village - Lady Dimitrescu
'It really truly changed my life in every possible way': Lady Dimitrescu actor says her Resident Evil Village role was just as transformative for her as it was for roughly half the internet in 2021
Storm trooper hero
Another live service shooter is getting shut down, this time before it even launched on Steam