The latest firmware update for MSI motherboards broke a key security feature, exposing countless computers to malware risk and other threats, a security researcher has claimed.
Researcher Dawid Potocki discovered that the recently released firmware update version 7C02v3C changed the default Secure Boot setting on MSI motherboards, allowing the boot process to run software that is unsigned or whose signature no longer matches because the software was modified.
In other words, software that Secure Boot would otherwise have stopped from running as potentially malicious is now allowed to start.
Changing the default settings
“I decided to set up Secure Boot on my new desktop using sbctl. Unfortunately, I’ve found that my firmware will accept any OS image I’ve given it, whether it’s trusted or not,” Potocki wrote. “As I found out later on 12/16/2022, it wasn’t just broken firmware; MSI had changed their default secure boot settings to allow booting in case of security breaches (!!).”
The firmware setting changed by the latest patch is “Image Execution Policy”, which now defaults to “Always Execute”. According to Potocki, users must set the execution policy for both “Removable Media” and “Fixed Media” to “Deny Execute”. This way, only signed software is allowed to run at boot.
Potocki further claimed MSI never documented the change, and after doing a little research he discovered that almost 300 models were affected, including many Intel- and AMD-based motherboards. Even some brand new devices have been affected, he added.
Secure Boot is MSI’s security system designed to prevent UEFI malware such as bootkits and rootkits. This type of malware is particularly dangerous because even deleting the operating system does not remove it from the device.
MSI is currently silent on the matter, but should the company respond to media inquiries, we’ll update the article accordingly.
Via: BleepingComputer