SecurityWeek

Endpoint Security

Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards

Gigabyte has announced BIOS updates that remove a recently identified backdoor feature in hundreds of its motherboards.

Taiwanese computer components maker Gigabyte has announced BIOS updates meant to remove a backdoor feature that was recently found in hundreds of its motherboards.

The issue, disclosed last week by firmware and hardware security company Eclypsium, is that the firmware of more than 270 Gigabyte motherboards drops a Windows binary that is executed at boot-up to fetch and execute a payload from Gigabyte’s servers.

A feature related to the Gigabyte App Center, the backdoor does not appear to have been exploited for malicious purposes, but threat actors are known to have abused such tools in previous attacks.

When it made its findings public, Eclypsium said it was unclear whether the backdoor was the result of a malicious insider, a compromise of Gigabyte’s servers, or a supply chain attack.

Shortly after Eclypsium published its report, Gigabyte announced the release of BIOS updates that address the vulnerability.

“Gigabyte engineers have already mitigated potential risks and uploaded the Intel 700/600 and AMD 500/400 series Beta BIOS to the official website after conducting thorough testing and validation of the new BIOS on Gigabyte motherboards,” the company announced late last week.

BIOS updates for Intel 500/400 and AMD 600 series chipset motherboards and for previously released motherboards were set to be released late last week as well.

The update resolves “the download assistant vulnerabilities reported by Eclypsium”, read the release notes for the latest BIOS available for the A520 Aorus Elite rev 1.0 motherboards.

The update implements stricter security checks during system boot, including improved validation for files downloaded from remote servers and standard verification of remote server certificates.

The new security enhancements, the company says, should prevent attackers from inserting malicious code during boot and should guarantee that any files downloaded during this process come from servers with valid and trusted certificates.

Organizations and end users alike should review Eclypsium’s list of more than 270 affected motherboard models and, if impacted, should head to Gigabyte’s support website to check for and download any BIOS update released after June 1, 2023.
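
To apply the advice above on Windows endpoints, the following PowerShell function is an added example (not code from SecurityWeek, Gigabyte or Eclypsium) that reports whether a machine has a Gigabyte board and whether its BIOS release date is later than June 1, 2023. The function name, the status labels and the optional affected-models file are assumptions; the model list itself must be taken from Eclypsium's publication.

```powershell
# Added example; function name, parameter names and status labels are illustrative.
function Test-GigabyteBiosDate {
    param(
        # Article guidance: look for a BIOS update released after June 1, 2023.
        [datetime]$Cutoff = [datetime]'2023-06-01',
        # Hypothetical text file, one board model per line, filled in by you
        # from Eclypsium's published list of affected models.
        [string]$AffectedModelsPath
    )

    $board = Get-CimInstance -ClassName Win32_BaseBoard | Select-Object -First 1
    $bios  = Get-CimInstance -ClassName Win32_BIOS | Select-Object -First 1

    $status = 'NotGigabyte'
    if ($board.Manufacturer -match 'Gigabyte') {
        # Without a model list, treat every Gigabyte board as in scope.
        $onList = $true
        if ($AffectedModelsPath -and (Test-Path -LiteralPath $AffectedModelsPath)) {
            $models = Get-Content -LiteralPath $AffectedModelsPath |
                ForEach-Object { $_.Trim() } | Where-Object { $_ }
            # -contains is case-insensitive; entries must match the SMBIOS product string.
            $onList = $models -contains "$($board.Product)".Trim()
        }

        if (-not $onList) { $status = 'ModelNotOnList' }
        elseif (-not $bios.ReleaseDate) { $status = 'BiosDateUnknown' }
        elseif ($bios.ReleaseDate -le $Cutoff) { $status = 'UpdateNeeded' }
        # A later date only makes the fix plausible; confirm it in the release notes.
        else { $status = 'BiosAfterCutoff' }
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        BoardVendor  = $board.Manufacturer
        BoardModel   = $board.Product
        BiosVersion  = $bios.SMBIOSBIOSVersion
        BiosDate     = $bios.ReleaseDate
        Status       = $status
    }
}

Test-GigabyteBiosDate | Format-List
```

Because the function returns an object, its output can be collected from many machines and filtered on `Status -eq 'UpdateNeeded'` to build a remediation list.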

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
