Published in PC Hardware

Gigabyte patches 270 motherboard models

by on06 June 2023

Hidden code in updater program

Gigabyte has patched more than 270 motherboard models for a security flaw that allowed threat actors to push malware through the device’s firmware.

The hole was discovered by cybersecurity researchers from Eclypsium who said the devices had a hidden mechanism that quietly runs an updater program that connects to a remote server, and downloads and runs software.

The updater was said to have been implemented insecurely, potentially allowing threat actors to hijack it and have it download and install malware. As this would put the malware in the motherboard’s firmware, it would persist even after the hard drive was replaced.

Gigabyte's new fix, addresses firmware updates for Intel 400/500/600/700 and AMD 400/500/600 series motherboards. 

"To fortify system security, GIGABYTE has implemented stricter security checks during the operating system boot process. These measures are designed to detect and prevent any possible malicious activities, providing users with enhanced protection,” the company said in an announcement.

This enhanced protection includes signature verification and privilege access limitations. That means that the files being downloaded through the updater will be checked for integrity and legitimacy, making it more difficult to abuse the tool to drop malware. Furthermore, the updater now features standard cryptographic verification of remote server certificates, guaranteeing the files are only downloaded from pre-approved servers, the outfit said.

Even though the risk of the flaw being abused to drop malware is relatively small, Gigabyte still advises all of its users to apply the latest firmware as soon as possible.

Last modified on 06 June 2023
Rate this item
(2 votes)