
Backdoor in Gigabyte firmware affects millions of devices

  • June 1, 2023


A very lax patching system in Gigabyte motherboards leaves millions of users vulnerable to potential exploits. A patch is available.

Gigabyte motherboards contain a kind of backdoor, Eclypsium security researchers have found. It opens the door to dangerous supply chain attacks. The researchers point out that the flaw in question can be distinguished from a deliberately placed backdoor only by intent. In this case, Gigabyte does not appear to have acted intentionally.

Vulnerable firmware

The problem lies in the UEFI firmware on the mainboards. This code runs before Windows starts, so it needs to be very secure. However, on the Gigabyte motherboards, the code writes an executable file to a system’s drive. This file is then loaded and executed by Windows.

The file is used to check for Windows updates by making an insecure connection to Gigabyte update servers via HTTP. Because HTTP is unencrypted and unauthenticated, attackers can intercept and tamper with this connection.

Easy to abuse

The entire update system can easily be exploited by attackers. Although no abuse has been identified at this time, Gigabyte provides a vector for so-called supply chain attacks. Hackers can exploit the vulnerable update process, and Gigabyte’s firmware ensures that the responsible file is reloaded each time.

The approach itself is questionable. By placing code in a system’s firmware that then runs during the boot process, the Gigabyte update tool behaves like a rootkit. To top it off, the executed code introduces additional vulnerabilities.

Widespread

Eclypsium notes that 364 different models of Gigabyte hardware are vulnerable, affecting approximately seven million users worldwide. The company provides a list of affected models.

Gigabyte has since, somewhat ironically, provided an update for its very careless update process. The catch is that updating the update application alone is not sufficient, because the UEFI firmware always restores it to its original state. Affected users must therefore update the firmware themselves.

Source: IT Daily
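
The restore-on-boot behaviour described in the article is something file-integrity monitoring can surface: a file that was patched or deleted and comes back in its old state after a reboot. The following Python is an added example, not code from the article, Eclypsium or Gigabyte; the record format, host names, paths and hash labels are constructed placeholders.

```python
"""Flag files that revert to an earlier post-boot state after being patched or removed."""
from collections import defaultdict

UPDATER = r"C:\placeholder\vendor_updater.exe"   # placeholder path, not from the article
OTHER = r"C:\placeholder\other_app.exe"          # placeholder path, not from the article

# Constructed observations: (host, boot number, phase, path, sha256 or None).
# "boot_start" = first scan after boot, "runtime" = later scan in that session.
# None means the file was absent. Hash strings are labels, not real digests.
OBSERVATIONS = [
    ("ws-01", 1, "boot_start", UPDATER, "hash-original"),
    ("ws-01", 1, "runtime",    UPDATER, "hash-patched"),   # admin updates the tool
    ("ws-01", 2, "boot_start", UPDATER, "hash-original"),  # reverted on reboot
    ("ws-01", 2, "runtime",    UPDATER, None),             # admin deletes it
    ("ws-01", 3, "boot_start", UPDATER, "hash-original"),  # recreated on reboot
    ("ws-01", 1, "boot_start", OTHER,   "hash-a"),
    ("ws-01", 1, "runtime",    OTHER,   "hash-b"),         # ordinary application update
    ("ws-01", 2, "boot_start", OTHER,   "hash-b"),         # update persists: no finding
    ("ws-02", 1, "boot_start", UPDATER, "hash-fixed"),     # firmware already updated
    ("ws-02", 2, "boot_start", UPDATER, "hash-fixed"),
]

def find_boot_reverts(observations):
    """Return (host, path, boot, restored_hash) for each reboot that undid a change.

    A finding needs three things in order: a hash seen at boot_start, a different
    state (changed or deleted) at the end of a session, and that earlier
    boot_start hash present again at the next boot_start.
    """
    seen_at_boot = defaultdict(set)   # (host, path) -> hashes seen right after boot
    last_state = {}                   # (host, path) -> most recently observed hash
    findings = []
    for host, boot, phase, path, digest in sorted(
            observations, key=lambda o: (o[0], o[3], o[1], o[2] != "boot_start")):
        key = (host, path)
        if phase == "boot_start":
            changed = key in last_state and last_state[key] != digest
            if changed and digest is not None and digest in seen_at_boot[key]:
                findings.append((host, path, boot, digest))
            if digest is not None:
                seen_at_boot[key].add(digest)
        last_state[key] = digest
    return findings

if __name__ == "__main__":
    for host, path, boot, digest in find_boot_reverts(OBSERVATIONS):
        print(f"{host}: {path} restored to {digest} at boot {boot}")
```

A finding on a host means the change was undone below the operating system, which matches the article's point that only a firmware update removes the behaviour.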
