Updated BIOS code and signature verification process for files downloaded from remote servers
A Secure Boot bypass flaw was actively exploited by a threat actor to install the BlackLotus UEFI bootkit
The vulnerabilities were introduced when Lenovo inadvertently included an early development driver in the commercial versions of their software
The high-severity bugs affect HP Elite 2-in-1 PCs, HP EliteBook, HP ProBook laptops, some workstations, point-of-sale systems and desktop computers
Malware found in the firmware images of Gigabyte or ASUS motherboards with the Intel H81 chipset
Millions of enterprise devices could be impacted
Because UEFI lives within a flash memory chip, any malware injected into it can survive reboots, formats and OS reinstalls
Micrososft's Secured-Core PCs intended to put a stop to UEFI rootkit shenanigans