Pretty much all Windows and Linux computers are vulnerable to this new cyberattack
Millions of Windows and Linux devices could be at risk
Cybersecurity researchers from Binarly have found a flaw that they claim affects virtually every Windows and Linux-powered machine in use today.
The flaw, dubbed LogoFAIL, allows threat actors to execute malicious code on the endpoint in a way that renders practically every antivirus or endpoint protection tool out there useless.
Regardless of the computer you have, whenever you boot it up, you’ll first see a logo from the device’s manufacturer. While the logo is being displayed, the Unified Extensible Firmware Interface (UEFI) is still running. UEFI, the researchers claim, has been vulnerable to roughly two dozen flaws for years now. By chaining together and exploiting these flaws, an attacker could replace this image with a different one, capable of hosting malicious code.
Simple attack
The image can be identical to the original one, in order not to arouse any suspicion. Still, UEFI will read and execute the code hosted there. And given the fact that the code is being executed so early in the boot stage, no security features or antivirus programs will flag it.
Secure Boot, Intel’s Boot Guard, and other similar solutions designed to protect from bootkit infections are practically useless here. These two dozen vulnerabilities have collectively been named LogoFAIL.
The devices deemed vulnerable to LogoFAIL span the entire x64 and ARM CPU ecosystem: UEFI suppliers AMI, Insyde, and Phoenix; device manufacturers Lenovo, Dell, and HP; and CPU vendors Intel and AMD. Patches are already available, but they differ from manufacturer to manufacturer. Users are advised to find the corresponding advisory and learn how to patch the vulnerability.
In practice, pulling this attack off means the threat actors will need to have gained access to the device beforehand. Unfortunately, there are countless ways they can do that, the researchers said, from abusing an unpatched browser vulnerability, to briefly physically accessing the device. The act of replacing the image is relatively easy to pull off, they said.
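Because the attack hinges on a firmware image parser trusting fields inside the logo file, a defender can at least flag logo files whose headers are internally inconsistent before a firmware update or ESP change is trusted. The following is an added example, not code from the article or from Binarly; it assumes the logo is a BMP file (the article does not name the format) and uses a constructed sample image built by `make_bmp`.

```python
import struct

# Assumption (not stated in the article): the boot logo is a BMP file.
BMP_MAGIC = b"BM"
MAX_DIM = 4096                 # assumed sane upper bound for a boot logo
VALID_BPP = {1, 4, 8, 16, 24, 32}
FILE_HDR = 14                  # BITMAPFILEHEADER size
DIB_HDR = 40                   # BITMAPINFOHEADER size


def check_bmp_logo(data: bytes) -> list[str]:
    """Return header-consistency findings; an empty list means nothing odd."""
    findings = []
    if len(data) < FILE_HDR + DIB_HDR:
        return ["file shorter than a minimal BMP header (54 bytes)"]
    magic, file_size, _, _, pixel_off = struct.unpack_from("<2sIHHI", data, 0)
    hdr_size, width, height, planes, bpp = struct.unpack_from("<IiiHH", data, 14)
    if magic != BMP_MAGIC:
        findings.append("bad magic")
    if file_size != len(data):
        findings.append(f"declared size {file_size} != actual {len(data)}")
    if hdr_size < DIB_HDR:
        findings.append(f"DIB header size {hdr_size} too small")
    if pixel_off < FILE_HDR + hdr_size or pixel_off > len(data):
        findings.append(f"pixel data offset {pixel_off} outside file")
    if not (0 < width <= MAX_DIM) or not (0 < abs(height) <= MAX_DIM):
        findings.append(f"implausible dimensions {width}x{height}")
    if planes != 1:
        findings.append(f"planes must be 1, got {planes}")
    if bpp not in VALID_BPP:
        findings.append(f"invalid bits-per-pixel {bpp}")
    else:
        # Rows are padded to 4 bytes; the declared geometry must fit the file.
        row = ((width * bpp + 31) // 32) * 4
        needed = row * abs(height)
        if pixel_off + needed > len(data):
            findings.append(f"pixel data ({needed} bytes) overruns file")
    return findings


def make_bmp(width: int, height: int, bpp: int = 24, file_size=None,
             pixel_off: int = 54) -> bytes:
    """Build a constructed BMP (blank pixels) so the check can be exercised."""
    row = ((width * bpp + 31) // 32) * 4
    pixels = bytes(row * height)
    size = FILE_HDR + DIB_HDR + len(pixels) if file_size is None else file_size
    hdr = struct.pack("<2sIHHI", BMP_MAGIC, size, 0, 0, pixel_off)
    dib = struct.pack("<IiiHHIIiiII", DIB_HDR, width, height, 1, bpp,
                      0, len(pixels), 2835, 2835, 0, 0)
    return hdr + dib + pixels
```

A logo that passes these checks is not proven safe; the point is that one which fails them has no business being accepted by code running before any endpoint protection loads.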
LogoFAIL is being tracked as CVE-2023-5058, CVE-2023-39538, CVE-2023-39539, and CVE-2023-40238.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.