What exactly is the BIOS?

We are talking about low-level software that is embedded on the computer’s motherboard. Its main mission is to check that all the PC hardware is working properly. By entering the BIOS we can customize everything about the operation of the PC. In addition, we can perform tasks such as enabling XMP profiles to change the RAM speed, boot from a disk or USB drive as well as overclocking.

In recent times the BIOS has been renamed to UEFI. Consequently, adding new features, although colloquially it is still colloquially called BIOS, even though it is not really BIOS anymore. There are several ways to log in from Windows 10 and Windows 11 operating systems, which we are going to start talking about right now.

Log on when turning on the computer

We can enter the BIOS when we start the computer and the manufacturer’s logo is displayed. Consequently, we must press a key when we are in that computer startup screen and thus make the BIOS visible. Normally, it is indicated at the bottom of the screen when and which key to press. Generally, the F2, Del, F4 or F8 keys usually work to enter the BIOS. However, this is not always the case. Therefore, it is good to check to see which one the system starts up with.

Of course, sometimes we do not visualize which key to press. It may be that the letters pass too fast or you can’t locate it where it says so. In such a case it may be that you have Fast Boot enabled in the BIOS or Windows Fast Startup mode. If with this method you have not been able to access the BIOS, we show you others that will surely be easier to perform or at least more intuitive.

Login from Windows

To be able to enter the BIOS from Windows we have several ways that we are going to see right now. You will see how easy it is to access from Windows, you only have to do the following:

• We enter the Windows Start menu.
• Now we must click on the Start button, that one that we pressed before giving to the one to turn off the system.
• At that moment we will see the options that always leave us that are Sleep, Restart or Shutdown.
• At that moment we must maintain pressed the Shift key and then click on Restart.

Another options

As we mentioned, there are other ways to access the BIOS, if you don’t like the one we have shown you. One such alternative is as follows:

• We enter the start menu.
• At that moment we click on Update & System, and then click on Recovery.
• Now that we are in Recovery we will see how inside Recovery Options. Accordingly, there is a function called Advanced Startup that has a button that says Restart Now. Please click on it so that the computer resets and we can enter the BIOS.

Whichever method you use, you will see a blue screen with multiple options appear in front of you. Now just follow these steps and you will be able to enter the BIOS:

• We go to Troubleshooting.
• Then we must click on Advanced Options.
• The next thing is to click on UEFI Firmware Configuration.

If we do not see the UEFI Firmware Configuration option, there are two possible explanations. The first is that the computer we are using does not have UEFI, which is quite likely if it is old. Consequently, it will have a BIOS in the classic sense. The second possibility is that the motherboard does have UEFI, but Windows 10 boots from a drive that was partitioned using MBR and not GPT. If this is the case, it is the MBR system that will force UEFI to use a legacy BIOS mode, making it impossible to access from Windows.

Access from the command prompt

We can also access the BIOS from the command prompt in a quite simple way. These are the steps to follow if you want to use this other option that we present to you:

• We enter the start menu and in the part where it allows us to write we put CMD and as soon as it detects it we must enter the command prompt, but pressing Run as Administrator.
• Once inside the command prompt we must type shutdown /r /fw in the command prompt window and press Enter.
• You should now see a screen informing you that your PC will shut down in less than a minute.
• We can also type shutdown /r /fw /t at the command prompt to eliminate the waiting period and reboot instantly.

If after doing this you get a message that says The firmware of this system does not support the bootable user interface in the firmware, it means that the motherboard does not have UEFI or there is an MBR partition. These are the ways we have in Windows 10 and Windows 11 to get into the BIOS or UEFI. As you will see it is all very simple so it does not have a great complication to get it. Very well, it has been a pleasure to show you how to access the BIOS from Windows. See you later

The post How to enter the BIOS from Windows appeared first on Linux Windows and android Tutorials.

According to ESET, this threat actor integrated the rootkit in the SPI flash module on the target computer. This allows the rootkit persistence over the system even if components like the OS and/or hard drive are replaced. That’s a very powerful ability and dangerous.

The security researchers gave the rootkit a nice name – LoJax. The name came from the malicious samples of the LoJack anti-theft software.

Signed drivers for accessing the firmware

According to the security researchers, there were 3 different types of tools on the victim’s computers where 2 of them gathers the details about the system firmware and creates a copy of the system firmware by reading the SPI flash memory module.

The last one then injects the malicious module inside the gathered firmware copy. Then, the modified copy is flashed to the SPI flash memory. Thus, ultimate persistency for the malware.

For reaching the UEFI settings, all the tools present in the rootkit uses the kernel driver of the RWEverything – a tool giving the power to modify all the settings and firmware of almost ALL the hardware. The driver comes up with a valid certificate and that’s the catch.

According to ESET, the patching tool uses various techniques for abusing the misconfiguration of the system or even bypass the SPI flash memory write protections. If the write operations are denied from the system, then the rootkit exploits a 4-years old race condition vulnerability in UEFI (CVE-2014-8273) for bypassing this defense.

The ultimate target of the rootkit is just dropping the malware into the Windows system and making sure that it integrates in the OS every time the system boots.

Defense against LoJax

Despite using advanced methods, LoJax is easily defendable with the currently available methods. First of all, make sure that you enable “Secure Boot” mechanism. This ensures that everything that’s loaded in the system firmware comes up with a valid certificate. LoJax isn’t signed, so it won’t be able to load due to “Secure Boot”.

Another very crucial thing is to make sure that your motherboard has the latest version of firmware. For upgrading your motherboard firmware, check out the official website of your motherboard vendor. After upgrading to the latest version, the firmware should fix and tighten the protection for the SPI flash memory module.

If your system has the latest firmware, you can reflash the firmware. It involves downloading the latest firmware package from motherboard vendor’s website and applying it again. Different motherboard vendors provide different ways of reflashing/updating the firmware.

LoJax is a threat for high-value targets, so general users shouldn’t be afraid of it just yet. Make sure that you take the necessary steps to tighten your system security and you’re good to go!

Cheers!

The post LoJax – First UEFI Rootkit in the Wild appeared first on Linux Windows and android Tutorials.