MSI to release securer BIOS settings after critical flaw discovered
The firm has admitted it essentially disabled Secure Boot on its motherboards in an attempt to improve customisability
Micro-Star International (MSI) has announced it will release new BIOS files for its motherboards following the discovery of Secure Boot settings that left approximately 290 of the company’s motherboards vulnerable to malware.
Motherboards made by the company came with insecure security options by default, in a setting that the firm has now committed to changing in a future update.
RELATED RESOURCE
Threat hunting for MSPs
Are you ready to take your Managed Security Service to the next level?
Security researcher Dawid Potocki was the first to publish findings on the vulnerability after discovering that his firmware accepted any OS image, whether or not it carried a legitimate signature.
Potocki discovered that MSI had set its Secure Boot as ‘Enabled’, but the default on motherboards was ‘Always Execute’ resulting in any OS image being accepted by the firmware.
Users seeking the Microsoft-recommended Secure Boot settings would have to manually go into motherboard settings and change ‘Image Execution Policy’ to ‘Deny Execute’.
Secure Boot is a firmware process that protects the Unified Extensible Firmware Interface (UEFI), the internal architecture that handles the booting of operating systems within a computer. It validates the safety of files launched when a device starts by verifying each carries a valid signature and kills processes that fail these checks.
Threat actors that compromise core systems could take full control of a victim’s machine, leading to extensive data loss, or install malware such as a rootkit that persists even after a full system reinstall.
An MSI spokesperson told IT Pro that the choice to roll out the decreased security measures came about after a review of “the product characteristic of our motherboard and target audience in the consumer market”. The firm stressed that it is in compliance with Microsoft's design guidance.
“We preemptively set Secure Boot as Enabled and 'Always Execute' as the default setting to offer a user-friendly environment that allows multiple end-users flexibility to build their PC systems with thousands, or more, of components that included their built-in option ROM, including OS images, resulting in higher compatibility configurations,” MSI stated on its dedicated subreddit.
“In response to the report of security concerns with the preset bios settings, MSI will be rolling out new BIOS files for our motherboards with 'Deny Execute' as the default setting for higher security levels.
“MSI will also keep a fully functional Secure Boot mechanism in the BIOS for end-users so that they can modify it according to their needs.”
When IT teams or individual users can expect to receive the update has not been revealed by MSI.
The post on its subreddit has already received critical responses, pointing out that the insecure default settings were not made clear in any of the firm’s BIOS update changelogs.
The full list of affected motherboards was listed by Potocki on a GitHub repository in December, along with instructions for manually fixing the issue.
Potocki identified that the issue was first introduced in an update released around Q3 2021, but was unable to determine the specific version.
In November 2022, Lenovo patched ThinkPad, Yoga, and IdeaPad devices due to a vulnerability that allowed for UEFI Secure Boot to be deactivated.
At the time, concerns were raised over the potential for businesses to fall vulnerable to malware such as ransomware through the vulnerability, particularly given the propensity for laptops such as these to be used in an office environment.
-
Microsoft unveils Maia 200 accelerator, claiming better performance per dollar than Amazon and GoogleNews The launch of Microsoft’s second-generation silicon solidifies its mission to scale AI workloads and directly control more of its infrastructure
-
Infosys expands Swiss footprint with new Zurich officeNews The firm has relocated its Swiss headquarters to support partners delivering AI-led digital transformation
-
Experts welcome EU-led alternative to MITRE's vulnerability tracking schemeNews The EU-led framework will reduce reliance on US-based MITRE vulnerability reporting database
-
Veeam patches Backup & Replication vulnerabilities, urges users to updateNews The vulnerabilities affect Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds – but not previous versions.
-
Two Fortinet vulnerabilities are being exploited in the wild – patch nowNews Arctic Wolf and Rapid7 said security teams should act immediately to mitigate the Fortinet vulnerabilities
-
Everything you need to know about Google and Apple’s emergency zero-day patchesNews A serious zero-day bug was spotted in Chrome systems that impacts Apple users too, forcing both companies to issue emergency patches
-
Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updatedNews CVE data is vital in combating emerging threats, yet inaccurate ratings and lengthy wait times are placing enterprises at risk
-
IBM AIX users urged to patch immediately as researchers sound alarm on critical flawsNews Network administrators should patch the four IBM AIX flaws as soon as possible
-
Critical Dell Storage Manager flaws could let hackers access sensitive data – patch nowNews A trio of flaws in Dell Storage Manager has prompted a customer alert
-
Flaw in Lenovo’s customer service AI chatbot could let hackers run malicious code, breach networksNews Hackers abusing the Lenovo flaw could inject malicious code with just a single prompt
