Gigabyte has recently released a new firmware update that fixes a vulnerability in several of their motherboard models. The problem was not easy to exploit, but it could expose users of both Intel and AMD processors to the risk of malware and other exploits.
The vulnerability in question was related to a Microsoft feature called Windows Platform Binary Table (WPBT). The solution allows certain firmware developers to download and auto-execute files “behind the scenes” of the system.
Gigabyte BIOS interface example.Source: Giogabyte
Gigabyte boards use the feature to automatically install an application to update their firmware. Eclypsium, a company specializing in hardware security, discovered two vulnerabilities in this process, however.
One is that two of the URLs accessed by automatically downloading updates do not use the secure HTTP protocol and could be hacked to push malware along with the update. The second failure is that the system did not perform signature validation on downloaded files, which could catch intrusive files that were downloaded.
Update targets both glitches
Gigabyte informs in its official post the two fronts of protection offered by its latest firmware update:
“Signature Verification: Gigabyte has improved the validation process for files downloaded from remote servers. Limitations on Privileged Access: Gigabyte has enabled standard cryptographic verification on its certificates from remote servers.”
Affected models of cards are Intel’s 400, 500, 600 and 700 series, and AMD’s 400, 500 and 600 models. It is recommended to update to keep your system more secure..
Alternatively, users can disable the App Center Download & Install Configuration in the BIOS and then uninstall the Gigabyte Auto Update application in Windows.