In business-class HP systems, they include various pre-OS tools. In addition to “HP System Diagnostics”, some older HP laptops (and perhaps desktops, but hopefully not servers) include “HP QuickLook”, a UEFI Pre-OS application which is a PIM (Personal Information Manager) for Microsoft Outlook (email, calendar, tasks, contacts).
From an HP PDF entitled “HP Business Notebook Computer EFI Guidelines”, also in below URLs:
The HP EFI partition includes the following applications, which are accessible during computer startup:
* HP QuickLook or later versions (select models)
QuickLook is a personal information manager (PIM) viewer for Microsoft(R) Outlook 2003 and 2007. QuickLook captures Microsoft Outlook email, calendar, task, and contact information, and then displays it without starting the operating system and without launching Microsoft Outlook. QuickLook can access cached Outlook information at the press of a single button, whether the computer is off or in Hibernation.
That’s rather scary. UEFI Pre-OS office applications. I’m not sure if it is a UEFI Application which gets run when you press the button, or if it is a UEFI RunTime Service, that is always running and only provides UI when button is pressed.
Plus, the EFI System Partition (ESP) is a FAT32-based partition, no file system-level security. Granted, a Unix-based system could mount the volume in such a way to help protect the contents, but on a Windows-based platform the user will have full read-write access to the HP .EFI executables.
It looks like there is a 2010-era HP QuickLook 3.2, perhaps later versions. I am not sure if this software is on modern HP UEFI systems, I don’t see it anymore on some docs, it may no longer be used, I’m not sure.
So, some business-class HP systems can be attacked via email network protocols, with added system complexity of being surrounded by a firmware suspend-resume! Network and content-media attacks are both options for this application. System administrators should check if this is installed on any modern systems, and consider the security risks -vs- the convenience this offers. Hiding inside corrupted HP PIM pre-OS app/service would be a great place for malware to hang out, or gain foothold via “a single button, whether the computer is off or in Hibernation”.