The latest firmware update for MSI motherboards broke a major security feature, putting countless computers at risk of malware (opens in new tab) and other threats, a security expert has claimed.
Researcher Dawid Potocki discovered the recently-released firmware update version 7C02v3C changed the default Secure Boot setting on MSI motherboards, allowing the boot process to run even software that is unsigned, or that has had its signature changed due to modifications.
In other words, software that would have otherwise been stopped from running due to being malicious, will now be allowed to start.
Changing the default settings
“I decided to setup Secure Boot on my new desktop with the help of sbctl. Unfortunately, I have found that my firmware was accepting every OS image I gave it, no matter if it was trusted or not,” Potocki wrote. “As I have later discovered on 2022-12-16, it wasn’t just broken firmware; MSI had changed their Secure Boot defaults to allow booting on security violations(!!).”
The firmware setting that was changed with the latest patch was “Image Execution Policy”, which is now set to “Always Execute” by default. According to Potocki, users need to set the Execution Policy to “Deny Execute” for “Removable Media”, and “Fixed Media”. That way, only signed software will be allowed to run at boot.
Potocki further claimed MSI never documented the change, but after a bit of digging, discovered that almost 300 models were affected, including many Intel and AMD-based motherboards. Even some brand new devices are affected, he added.
Secure Boot is MSI’s security system built to prevent UEFI malware, such as bootkits and rootkits. This type of malware is particularly dangerous as even wiping the operating system does not remove it from the device.
MSI is currently silent on the matter, but should the company respond to media inquiries, we’ll update the article accordingly.
Via: BleepingComputer (opens in new tab)
