For folks who aren't aware or simply don't remember: back in the late 2000s and early 2010s, a lot of PC vendors started leveraging UEFI to add special features to their machines, particularly laptops. A lot of these "features" were hideous hackjobs that presented more of a security threat than a value-add. I'm certain there are all sorts of vendor-specific UEFI vulns to be discovered thanks to those machines.
HP, for example, had a standalone UEFI app that provided a simple interface into Outlook that only took a couple seconds to boot. They also had a program that embedded itself into their laptops' SMM that showed your Outlook calendar while Windows was booting.
HP, for example, had a standalone UEFI app that provided a simple interface into Outlook that only took a couple seconds to boot. They also had a program that embedded itself into their laptops' SMM that showed your Outlook calendar while Windows was booting.
reply