Microsoft scraps with security analysts over vulnerability in secured-core PCs
Security vendor says Microsoft is ‘diverting attention’
Security vendor Eclypsium has reacted strongly to Microsoft refuting its report on critical vulnerabilities in the SupportAssist remote firmware update utility in Dell devices.
In its original disclosure last week, Eclypsium claimed the vulnerabilities also apply to devices in Dell’s stable that are powered by Microsoft’s secured-core hardware-backed security feature, which runs the System Guard firmware.
This led to Microsoft issuing a statement saying the security vendor had failed to “demonstrate how System Guard could be bypassed using the discovered vulnerabilities”.
Now, Eclypsium’s VP of R&D John Loucaides has shot back at Microsoft, saying the software giant is trying to “divert attention from what we actually said”.
He said, she said
In its statement, Microsoft claims the Eclypsium attack circumvents protections provided by secure boot.
The company claims that secured-core PCs, thanks to the System Guard firmware, help protect against attacks that take advantage of firmware vulnerabilities that bypass features like secure boot.
“The threat model of secured-core assumes a compromised firmware such as the case presented here, and thus the attack as described would still be subject to security verification by the firmware protection features in secured-core,” wrote Microsoft.
The software giant added that, in the attack vector described by Eclypsium, System Guard would cause the system to fail attestation, which would cause zero trust solutions like Microsoft’s conditional access to block the device from accessing protected cloud resources.
Eclypsium, however, thinks Microsoft is unnecessarily complicating the issue by talking about cloud data security, sidestepping the fact that a weakness in the pre-boot environment can be abused to access data stored on the device itself.
“Remote attestation for access to cloud assets is irrelevant and does nothing to prevent exploiting a vulnerability in UEFI firmware to achieve arbitrary code execution in the pre-boot environment and leveraging that to gain access to user data on the device or gain arbitrary code execution once a user logs into the system,” said Loucaides.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.