Microsoft scraps with security analysts over vulnerability in secured-core PCs

News
By published

Security vendor says Microsoft is 'diverting attention'

security threat
(Image credit: Shutterstock.com)

Security vendor Eclypsium has reacted strongly to Microsoft refuting its report on critical vulnerabilities in the SupportAssist remote firmware update utility in Dell devices.

In its original disclosure last week, Eclypsium claimed the vulnerabilities also apply to devices in Dell’s stable that are powered-by Microsoft’s secured-core hardware-backed security feature, which runs the System Guard firmware. 

This led to Microsoft issuing a statement saying the security vendor had failed to “demonstrate how System Guard could be bypassed using the discovered vulnerabilities".

Now, Eclypsium’s VP of R&D John Loucaides has shot back at Microsoft, saying the software giant is trying to “divert attention from what we actually said".

He said, she said

In its statement, Microsoft claims the Eclypsium attack circumvents protections provided by secure boot.

The company claims that secured-core PCs, thanks to the System Guard firmware, help protect against attacks that take advantage of firmware vulnerabilities that bypass features like secure boot.

“The threat model of secured-core assumes a compromised firmware such as the case presented here, and thus the attack as described would still be subject to security verification by the firmware protection features in secured-core,” wrote Microsoft.

The software giant added that, in the attack vector described by Eclypsium, System Guard would cause the system to fail attestation, which would cause zero trust solutions like Microsoft’s conditional access to block the device from accessing protected cloud resources. 

Eclypsium, however, thinks Microsoft is unnecessarily complicating the issue by talking about cloud data security, sidestepping the fact that weakness in the pre-boot environment can be abused to access data stored on the device.

“Remote attestation for access to cloud assets is irrelevant and does nothing to prevent exploiting a vulnerability in UEFI firmware to achieve arbitrary code execution in the pre-boot environment and leveraging that to gain access to user data on the device or gain arbitrary code execution once a user logs into the system,” said Loucaides.

TOPICS
Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
New UEFI Secure Boot flaw exposes systems to bootkits
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Hardware supply chain threats can undermine your endpoint infrastructure
Security
Intel slams Nvidia and AMD, claims chip giants have huge numbers of security flaws
Security
Microsoft reveals more on a potentially major Apple macOS security flaw
A person at a laptop with a cybersecure lock symbol floating above it.
Parallels Desktop has some worrying security flaws for Mac users
Best free Linux firewalls
Palo Alto firewalls have some worrying serious flaws
Latest in Security
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
Latest in News
An image of the Nintendo Switch 2
Nintendo Switch 2 pre-orders will start on April 2 according to Best Buy Canada
Person printing
Microsoft’s latest Windows 11 update exorcises possessed printers that spewed out pages of random characters
Pro-Ject A1.2 in black, playing a vinyl record in a hi-fi listening room
Pro-Ject's new fully-automatic turntable could be the buy of Record Store Day 2025
Intergalactic: The Heretic Prophet
Intergalactic: The Heretic Prophet reportedly won't release until after 2026, as Neil Druckmann says that staff 'are playing it at the office' right now - but I don't think I can wait that long
Screenshot from action RPG soulslike Lies of P
Lies of P Overture won't elaborate on the game's eyebrow-raising post-credits twist, and I think that's good news
Nintendo Switch 2
The Switch 2 launching with a Mario Kart game 'is very unlike Nintendo' compared to the original Switch releasing with Breath of the Wild, says former marketing leads: 'That's what's gonna make you want to buy the new hardware'
More about security
A digital representation of a lock

NYU website defaced as hacker leaks info on a million students
NHS

NHS IT supplier hit with major fine following ransomware attack
The Backbone One mobile controller

'We don't intend to just build a product, we want to build a platform' — Backbone CEO on the future of its mobile gaming controller
See more latest
Most Popular
The Backbone One Xbox Edition.
I'm not waiting for a dedicated Xbox handheld any longer thanks to the new Backbone One: Xbox Edition
Person printing
Microsoft’s latest Windows 11 update exorcises possessed printers that spewed out pages of random characters
An image of the Nintendo Switch 2
Nintendo Switch 2 pre-orders will start on April 2 according to Best Buy Canada
Freddie Prinze Jr., Sarah Michelle Gellar, Matthew Liliard and Linda Cardinelli in Scooby Doo 2: Monsters Unleashed
Netflix is firing up the Mystery Machine with a live action Scooby-Doo series
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
Sama virtual assistant
Speak, Book, Fly. Qatar Airways debuts industry-first AI travel agent, Sama
An Apple Lumon Terminal Pro computer next to a keyboard with Severance-themed keycaps
You sadly can't buy Apple's Lumon Terminal Pro computer, but here's where to get the Severance-style keycaps
Pro-Ject A1.2 in black, playing a vinyl record in a hi-fi listening room
Pro-Ject's new fully-automatic turntable could be the buy of Record Store Day 2025
Intergalactic: The Heretic Prophet
Intergalactic: The Heretic Prophet reportedly won't release until after 2026, as Neil Druckmann says that staff 'are playing it at the office' right now - but I don't think I can wait that long
Kindle de Amazon
The latest Kindle update finally fixes page turning – and adds the perfect reading tool for my sieve-like brain