Gandalf_The_Grey
Dozens of Gigabyte motherboard models run on UEFI firmware vulnerable to security issues that allow planting bootkit malware that is invisible to the operating system and can survive reinstalls.
The vulnerabilities could allow attackers with local or remote admin permissions to execute arbitrary code in System Management Mode (SMM), an environment isolated from the operating system (OS) and with more privileges on the machine.
Mechanisms running code below the OS have low-level hardware access and initiate at boot time. Because of this, malware in these environments can bypass traditional security defenses on the system.
The four vulnerabilities are in Gigabyte firmware implementations and were discovered by researchers at firmware security company Binarly, who shared their findings with Carnegie Mellon University’s CERT Coordination Center (CERT/CC).
The original firmware supplier is American Megatrends Inc. (AMI), which addressed the issues after a private disclosure, but some OEM firmware builds (e.g. Gigabyte's) did not implement the fixes at the time.
Binarly researchers notified Carnegie Mellon CERT/CC about the issues on April 15 and Gigabyte confirmed the vulnerabilities on June 12, followed by the release of firmware updates, according to CERT/CC.
However, the OEM has not published a security bulletin about the security problems that Binarly reported. BleepingComputer has emailed the hardware vendor a request for comment but we are still waiting for their response.
Meanwhile, Binarly founder and CEO Alex Matrosov told BleepingComputer that Gigabyte most likely hasn’t released fixes. With many of the products already having reached end-of-life, users should not expect to receive any security updates.
Computers from various OEMs using Gigabyte motherboards may be vulnerable, so users are advised to monitor for firmware updates and apply them promptly.
Gigabyte motherboards vulnerable to UEFI malware bypassing Secure Boot
