The latest firmware update for MSI motherboards broke a key security feature, putting countless desktops at risk of malware and other threats, a security expert has claimed.
Researcher Dawid Potocki found that the recently released firmware update version 7C02v3C changed the default Secure Boot setting on MSI motherboards, allowing the boot process to run even software that is unsigned, or that has had its signature changed due to modifications.
In other words, software that would otherwise have been stopped from running because it is malicious will now be allowed to start.
Changing the default settings
“I decided to set up Secure Boot on my new desktop with the help of sbctl. However, I have found that my firmware was accepting every OS image I gave it, no matter if it was trusted or not,” Potocki wrote. “As I have later found out on 2022-12-16, it was not just broken firmware; MSI had adjusted their Secure Boot defaults to permit booting on security violations(!!).”
The firmware setting that was changed with the most recent update is “Image Execution Policy”, which is now set to “Always Execute” by default. According to Potocki, users need to set the Execution Policy to “Deny Execute” for “Removable Media” and “Fixed Media”. That way, only signed software will be permitted to run at boot.
Potocki further claimed MSI never documented the change but, after a bit of digging, found that nearly 300 products were affected, including numerous Intel and AMD-based motherboards. Even some brand-new devices are affected, he added.
Secure Boot is the security mechanism in MSI’s firmware built to stop UEFI malware, such as bootkits and rootkits. This kind of malware is particularly dangerous because even wiping the operating system does not remove it from the device.
MSI is currently silent on the matter, but should the company respond to media inquiries, we’ll update the article accordingly.
Via: BleepingComputer