Just don't let strangers near your rig soon, or any time really.

Intel has recently spotted a whole host of security vulnerabilities in the UEFI for many of its products, which could allow bad actors to escalate privileges. It's a problem worth updating your device over when updates are available, but for now, just stay vigilant about who is near your rig.
The highest severity problems on the list register a CVSS score of 8.7 (1.3 off the highest), and these both involve improper input validation, which can enable local code execution. Though local access to your rig is needed, neither 8.7 severity vulnerability requires "special internal knowledge", and both need "no user interaction".
Moving down to a measly 7.1 severity, one vulnerability has been spotted where the system management verifies a resource, and that resource is then swapped out for something else before the action can actually happen. This class of bug is known as a time-of-check to time-of-use (TOCTOU) race condition.
An example of this is checking privileges on a folder, seeing that it is accessible, then swapping that folder for another one, therefore getting into a locked folder without a password or privileged user access. In this case, it uses that access to escalate privilege. Like the rest of the exploits, this requires local access to use.
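The check-then-swap pattern described above, as an added illustration in C. This is not code from Intel's advisory or from any firmware; the request layout, the handler names and the `window` hook that stands in for a concurrent writer are all constructed for the example.

```c
#include <stdint.h>
#include <string.h>

#define POLICY_MAX 64u    /* largest length the handler is meant to accept */
#define DATA_MAX   128u   /* size of the data field and of the caller's dst */

/* Constructed request layout; it lives in memory the caller can still write. */
struct request {
    uint32_t length;
    uint8_t  data[DATA_MAX];
};

/* Hypothetical hook standing in for a concurrent writer that runs between
 * the check and the use. Real races depend on timing; the hook makes the
 * window deterministic for the demonstration. */
typedef void (*window_fn)(struct request *shared);

void swap_length(struct request *shared) { shared->length = DATA_MAX; }

/* Check-then-use on shared memory: the length is fetched twice.
 * Returns the number of bytes acted on, or -1 if the request is rejected. */
int handle_double_fetch(struct request *shared, uint8_t *dst, window_fn window)
{
    if (shared->length > POLICY_MAX)       /* time of check */
        return -1;
    if (window) window(shared);            /* value changes in the gap */
    uint32_t n = shared->length;           /* time of use: second fetch */
    if (n > DATA_MAX) n = DATA_MAX;        /* keeps this demo memory-safe */
    memcpy(dst, shared->data, n);
    return (int)n;
}

/* Hardened: copy the request once into private memory, then validate and
 * use only that copy. Later writes to the shared request have no effect. */
int handle_snapshot(struct request *shared, uint8_t *dst, window_fn window)
{
    struct request local;
    memcpy(&local, shared, sizeof local);  /* single fetch */
    if (local.length > POLICY_MAX)
        return -1;
    if (window) window(shared);            /* too late to matter */
    memcpy(dst, local.data, local.length);
    return (int)local.length;
}
```

With the hook set, the first handler acts on 128 bytes even though its check only saw 16; the second still acts on the 16 bytes it validated.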
Intel clarifies it is "releasing" updates to mitigate these vulnerabilities, so we can expect them to roll out to motherboard manufacturers going forward. I've checked through many Intel motherboard manufacturers for updates, and though I've seen some updates after the publishing of Intel's findings (like this MSI Mag Z890M Gaming Plus driver), they don't note UEFI vulnerability fixes. This is to say the rollout doesn't appear to have fully happened yet.
Nonetheless, requiring local access does mean you aren't necessarily in trouble without the update for now. It's always good to stay up-to-date, in case you've found yourself unlucky enough to be found by a bad actor, but for most, it's not a huge deal.
The severity of reported problems isn't purely about ease of use. That 8.7 on the high end is a combination of complexity to use, plus how much it impacts confidentiality, integrity and availability, plus a whole pile of other factors. Severity is a good sign of how serious a problem is, but many problems will be hypothetical in nature.

Read more: Full article on www.pcgamer.com