3. UEFI Variable “Reinstallation”
It had been possible to call the
SetVariableAPI at runtime on a variable that did not have
RUNTIME_ACCESSpermission, causing a new variable with the same name/GUID to be created. It was possible for this new variable to be used instead of the original, protected variable.
Reported by the Advanced Threat Research team at Intel Security.