Now on Demand: Zero Trust Strategies Summit - Access All Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards

Gigabyte has announced BIOS updates that remove a recently identified backdoor feature in hundreds of its motherboards.

Taiwanese computer components maker Gigabyte has announced BIOS updates meant to remove a backdoor feature that was recently found in hundreds of its motherboards.

The issue, disclosed last week by firmware and hardware security company Eclypsium, is that the firmware of more than 270 Gigabyte motherboards drops a Windows binary that is executed at boot-up to fetch and execute a payload from Gigabyte’s servers.

A feature related to the Gigabyte App Center, the backdoor does not appear to have been exploited for malicious purposes, but threat actors are known to have abused such tools in previous attacks.

When it made its findings public, Eclypsium said it was unclear whether the backdoor was the result of a malicious insider, a compromise of Gigabyte’s servers, or a supply chain attack.

Shortly after Eclypsium published its report, Gigabyte announced the release of BIOS updates that address the vulnerability.

“Gigabyte engineers have already mitigated potential risks and uploaded the Intel 700/600 and AMD 500/400 series Beta BIOS to the official website after conducting thorough testing and validation of the new BIOS on Gigabyte motherboards,” the company announced late last week.

BIOS updates for Intel 500/400 and AMD 600 series chipset motherboards and for previously released motherboards were set to be released late last week as well.

The update resolves “the download assistant vulnerabilities reported by Eclypsium”, read the release notes for the latest BIOS available for the A520 Aorus Elite rev 1.0 motherboards.

Advertisement. Scroll to continue reading.

The update implements stricter security checks during system boot, including improved validation for files downloaded from remote servers and standard verification of remote server certificates.

The new security enhancements, the company says, should prevent attackers from inserting malicious code during boot and should guarantee that any files downloaded during this process come from servers with valid and trusted certificates.

Organizations and end users alike should review Eclypsium’s list of more than 270 affected motherboard models and, if impacted, should head to Gigabyte’s support website to check for and download any BIOS update released after June 1, 2023.

Related: MSI Confirms Cyberattack, Issues Firmware Download Guidance

Related: BMC Firmware Vulnerabilities Expose OT, IoT Devices to Remote Attacks

Related: Intel Patches High-Severity Vulnerabilities in BIOS, Boot Guard

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Former Darktrace CEO Poppy Gustafsson has joined the UK government as Minister for Investment.

Nupur Goyal has joined cloud identity security and management solutions provider Saviynt as VP of Product Marketing.

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.