Home › Security Center ›
Enhanced Protection of UEFI Variables
Intel ID:  INTEL-SA-00038
Product family:  Multiple Intel Products
Impact of vulnerability Denial of Service
Severity rating Important
Original release:  May 27, 2014
Last revised:  Apr 03, 2015
Summary: 

New BIOS updates are available for Intel products, enhancing the hardening of certain UEFI variables against potential modification. Intel highly recommends that users install the updates to mitigate this exposure.

 
Description: 

Intel has become aware that certain firmware implementations may not correctly protect and validate information contained in certain UEFI variables. Exploitation of such vulnerabilities could potentially lead to bypass of security features and/or denial of service for the platform. 

 
Affected products: 

Intel NUC Products

Product Name

Latest Versions

Update source

WYLPT10H.86A.0026.2014.0514.

FYBYT10H.86A.0034.2014.0513.1413

TYBYT10H.86A.0024.2014.0523.1509

 

RKPPT10H.86A.0033.2014.0519.1931

 

Intel Quark Products

Product Name

Latest Versions

Update source

Intel® Galileo board

1.0.1 

Intel® Galileo board Generation 2 (pre-release)

1.0.1

Intel® Quark™ SoC X1000 Industrial/Energy Reference Design (Cross Hill, pre-release)

1.0.1

Intel® Quark™ SoC X1000 Transportation Reference Design (Clanton Hill, pre-release)

1.0.1

 

Intel Server Products

Product Name

Latest Versions

Update source

R02.03.0003

R02.03.0003

R02.01.0004

R02.03.0003

R02.03.0003

R02.02.0004

R02.03.0003

R02.03.0003

R02.03.0003

R02.03.0003

R02.03.0003

R02.03.0003

R02.03.0003

R02.03.0003

R02.03.0003

R02.03.0003

R02.03.0003

R02.03.0003

R0052

R02.03.0003

R02.03.0003

R0064

R0064

R0064

R0064

R0064

R0064

R0064

R02.03.0003

R02.03.0003

R02.03.0003

R02.03.0003

R02.03.0003

R02.01.0004

R02.03.0003

R0042

R02.03.0003

R02.03.0003

R02.03.0003

R02.03.0003

R02.02.0004

R02.01.0004

R02.03.0003

 
Recommendations: 

To mitigate these issues, Intel is releasing firmware updates for our impacted products. Intel highly recommends that users install the updates to mitigate this exposure.

 
Acknowledgements: 

Intel would like to thank the following organizations for reporting this issue and working with us: Corey Kallenberg, Xeno Kovah, John Butterworth, and Sam Cornwell of the MITRE Corporation and Advanced Threat Research and Security Center of Excellence from Intel.

 
 
Revision history: 
Revision
Date
Description
1.0
27-May-2014
Initial Release
1.1
29-May-2014 
Updated affected products
1.2
03-Apr-2015
Updated affected products

Disclaimer:

INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” IN CONNECTION WITH INTEL® PRODUCTS. YOUR USE OF THE INFORMATION IN THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. INTEL RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. EXCEPT AS PROVIDED IN INTEL’S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT.

© 2013, Intel Corporation