The latest firmware update for MSI motherboards broke a key security feature, exposing countless PCs to malware and other threats, a security expert claimed.
Researcher Dawid Potocki discovered that the recently released firmware update version 7C02v3C changed the default Secure Boot setting on MSI motherboards, allowing the boot process to run software that is unsigned or whose signature is no longer valid because the software was modified.
In other words, programs that would previously have been stopped as malicious will now be allowed to run.
Change default settings
“I decided to set up Secure Boot on my new desktop with the help of sbctl. Unfortunately, I discovered that my firmware was accepting every OS image I gave it, regardless of whether it was trusted or not,” Potocki wrote. “As I found out later on 2022-12-16, it wasn’t just a broken firmware; MSI had changed the secure boot defaults to allow booting on security violations (!!).”
The firmware setting that was changed with the latest patch was “Image Execution Policy”, which is now set to “Always Execute” by default. According to Potocki, users need to set the execution policy to “deny execution” for “removable media” and “fixed media”. This way, only signed programs will be allowed to run at boot.
Potocki further claimed that MSI never documented the change, but after a bit of research, he discovered that nearly 300 models were affected, including several Intel and AMD-based motherboards. He added that even some new devices are affected.
Secure Boot is an MSI security system designed to prevent UEFI malware, such as bootkits and rootkits. This type of malware is particularly dangerous because even scanning the operating system does not remove it from the device.
MSI is currently silent on the matter, but if the company responds to media inquiries, we will update the article accordingly.
Via: BleepingComputer