Encryption, Vulnerability Management, Threat Intelligence

Significant PKfail vulnerability continues to be prevalent

Share
Many different letters, numbers and special symbols, and silhouette of key as symbol of password. Concept of strong password creating, password-protected data, information security

Almost 800 of more than 10,000 firmware images continue to leverage cryptographic keys exposed by the PKfail vulnerability, tracked as CVE-2024-8105, months after the discovery of the issue, posing an increased risk of being subjected to UEFI bootkit malware intrusions, according to BleepingComputer.

American Megatrends keys accounted for most of the vulnerable firmware, followed by those from Insidye and Phoenix, a report from Binarly showed. "Based on our data, we found PKfail and non-production keys on medical devices, desktops, laptops, gaming consoles, enterprise servers, ATMs, POS terminals, and some weird places like voting machines," said the report, which also noted the vulnerability's impact on Minisforum, Beelink, and Hardkernel devices. Numerous vendors, including Dell, Intel, Gigabyte, Fujitsu, and Supermicro, have already issued alerts regarding the issue although not all have acted quickly to notify users about the risks of PKfail. Organizations have been urged to isolate or restrict physical access to devices unlikely to be patched for PKfail.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.