1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • MSI Secure Boot goes haywire for a whole host of motherboards

    From TechnologyDaily@1337:1/100 to All on Tue Jan 17 17:15:03 2023
    MSI Secure Boot goes haywire for a whole host of motherboards

    Date:
    Tue, 17 Jan 2023 17:02:54 +0000

    Description:
    MSI update broke an important security tool, allowing unsigned programs to
    run at boot.

    FULL STORY ======================================================================

    The latest firmware update for MSI motherboards broke a major security feature, putting countless computers at risk of malware and other threats, a security expert has claimed.

    Researcher Dawid Potocki discovered the recently-released firmware update version 7C02v3C changed the default Secure Boot setting on MSI motherboards, allowing the boot process to run even software that is unsigned, or that has had its signature changed due to modifications.

    In other words, software that would have otherwise been stopped from running due to being malicious, will now be allowed to start. Changing the default settings

    "I decided to setup Secure Boot on my new desktop with the help of sbctl. Unfortunately, I have found that my firmware was accepting every OS image I gave it, no matter if it was trusted or not," Potocki wrote. "As I have later discovered on 2022-12-16, it wasn't just broken firmware; MSI had changed their Secure Boot defaults to allow booting on security violations(!!)."

    The firmware setting that was changed with the latest patch was Image Execution Policy, which is now set to Always Execute by default. According to Potocki, users need to set the Execution Policy to Deny Execute for Removable Media, and Fixed Media. That way, only signed software will be allowed to run at boot. Read more

    Acer fixes major laptop bug that hackers can use to disable secure boot


    What Microsoft's Secure Boot means for the future of Linux


    These are the best firewalls around

    Potocki further claimed MSI never documented the change, but after a bit of digging, discovered that almost 300 models were affected, including many
    Intel and AMD-based motherboards. Even some brand new devices are affected,
    he added.

    Secure Boot is MSIs security system built to prevent UEFI malware, such as bootkits and rootkits. This type of malware is particularly dangerous as even wiping the operating system does not remove it from the device.

    MSI is currently silent on the matter, but should the company respond to
    media inquiries, well update the article accordingly. Here's our rundown for the best endpoint protection software

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/msi-secure-boot-goes-haywire-for-a-whole-host-o f-motherboards


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)