In a previous blog covering one of Binarly’s presentations at the Black Hat 2022 conference, we discussed in detail our research on attacks that disable Windows Management Instrumentation (WMI) and blind an entire class of endpoint security solutions. We introduced a template for attacks, dubbed ‘one-bit change attack’, on objects residing inside the WMI service address space. We also demonstrated another way to disable WMI by isolating the WMI service from the rest of the operating system through a sandboxing attack.

Only two months have passed since our Black Hat talk where we spoke about a bunch of discovered vulnerabilities. Our presentation at Black Hat revealed 12 serious vulnerabilities affecting enterprise devices industry-wide. The Binarly security research team continues to find evidence of repeatable failures in the firmware development ecosystem, exposing critical vulnerabilities that impact the entire industry rather than just a single vendor.

We promised to release the new version of efiXplorer with ARM-based firmware support last week at the inaugural LABScon event. This is one of the most important releases since the project began in February of 2020. In the beginning, efiXplorer focused primarily on x86-based firmware analysis, but after seeing the growth of ARM-based servers and laptops, we are now adding support for ARM.