IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

MSI to release securer BIOS settings after critical flaw discovered

The firm has admitted it essentially disabled Secure Boot on its motherboards in an attempt to improve customisability

Micro-Star International (MSI) has announced it will release new BIOS files for its motherboards following the discovery of Secure Boot settings that left approximately 290 of the company’s motherboards vulnerable to malware.

Motherboards made by the company came with insecure security options by default, in a setting that the firm has now committed to changing in a future update.

Related Resource

Threat hunting for MSPs

Are you ready to take your Managed Security Service to the next level?

Red whitepaper cover with shaded revolving target image in backgroundFree Download

Security researcher Dawid Potocki was the first to publish findings on the vulnerability after discovering that his firmware accepted any OS image, whether or not it carried a legitimate signature.

Potocki discovered that MSI had set its Secure Boot as ‘Enabled’, but the default on motherboards was ‘Always Execute’ resulting in any OS image being accepted by the firmware.

Users seeking the Microsoft-recommended Secure Boot settings would have to manually go into motherboard settings and change ‘Image Execution Policy’ to ‘Deny Execute’.

Secure Boot is a firmware process that protects the Unified Extensible Firmware Interface (UEFI), the internal architecture that handles the booting of operating systems within a computer. It validates the safety of files launched when a device starts by verifying each carries a valid signature and kills processes that fail these checks.

Threat actors that compromise core systems could take full control of a victim’s machine, leading to extensive data loss, or install malware such as a rootkit that persists even after a full system reinstall

An MSI spokesperson told IT Pro that the choice to roll out the decreased security measures came about after a review of “the product characteristic of our motherboard and target audience in the consumer market”. The firm stressed that it is in compliance with Microsoft's design guidance.

“We preemptively set Secure Boot as Enabled and 'Always Execute' as the default setting to offer a user-friendly environment that allows multiple end-users flexibility to build their PC systems with thousands, or more, of components that included their built-in option ROM, including OS images, resulting in higher compatibility configurations,” MSI stated on its dedicated subreddit.

“In response to the report of security concerns with the preset bios settings, MSI will be rolling out new BIOS files for our motherboards with 'Deny Execute' as the default setting for higher security levels. 

“MSI will also keep a fully functional Secure Boot mechanism in the BIOS for end-users so that they can modify it according to their needs.”

When IT teams or individual users can expect to receive the update has not been revealed by MSI.

The post on its subreddit has already received critical responses, pointing out that the insecure default settings were not made clear in any of the firm’s BIOS update changelogs.

The full list of affected motherboards was listed by Potocki on a GitHub repository in December, along with instructions for manually fixing the issue.

Potocki identified that the issue was first introduced in an update released around Q3 2021, but was unable to determine the specific version.

In November 2022, Lenovo patched ThinkPad, Yoga, and IdeaPad devices due to a vulnerability that allowed for UEFI Secure Boot to be deactivated.

At the time, concerns were raised over the potential for businesses to fall vulnerable to malware such as ransomware through the vulnerability, particularly given the propensity for laptops such as these to be used in an office environment.

Featured Resources

2023 Strategic roadmap for data security platform convergence

Capitalise on your data and share it securely using consolidated platforms

Free Download

The 3D trends report

Presenting one of the most exciting frontiers in visual culture

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

Leverage automated APM to accelerate CI/CD and boost application performance

Constant change to meet fast-evolving application functionality

Free Download

Recommended

GTA V vulnerability exposes PC users to partial remote code execution attacks
vulnerability

GTA V vulnerability exposes PC users to partial remote code execution attacks

23 Jan 2023
China-backed hackers take down Amnesty International Canada for three weeks
Security

China-backed hackers take down Amnesty International Canada for three weeks

7 Dec 2022
'CryWiper' trojan disguises as ransomware, says Kaspersky
malware

'CryWiper' trojan disguises as ransomware, says Kaspersky

2 Dec 2022
Hyundai vulnerability allowed remote hacking of locks, engine
Security

Hyundai vulnerability allowed remote hacking of locks, engine

30 Nov 2022

Most Popular

What's powering Britain’s fibre broadband boom?
Network & Internet

What's powering Britain’s fibre broadband boom?

3 Feb 2023
Dutch hacker steals data from virtually entire population of Austria
data breaches

Dutch hacker steals data from virtually entire population of Austria

26 Jan 2023
Windows 10 users locked out of devices by unskippable Microsoft 365 advert
bugs

Windows 10 users locked out of devices by unskippable Microsoft 365 advert

3 Feb 2023