
As Gigabyte is battling this problem, Asus also finds itself in the crossfire following a huge AMD Ryzen 7000 controversy. Motherboards, in general, have had their share of troubles lately. We also recommend setting a BIOS password to add an extra layer of security. Once you’re on the options screen, navigate to the App Center Download & Install feature and disable it. This is most commonly done by tapping the F2 or Del key over and over during the time when your PC is starting up, but if that doesn’t work, check out our guide on how to use the BIOS to see if there are any other keys you might need to mash here. It’s unclear whether using it would affect the board warranty at this point. Fortunately, Eclypsium has also provided a couple of fixes that can tide you over until Gigabyte clears everything up. This means that owners of Intel 700/600 or AMD 500/400 boards could go ahead and download the update and stay safe, but using a beta version of the BIOS comes with some risks of its own.

The company released an official statement, saying that its engineers have already addressed the potential risks in the latest beta version of the BIOS. Gigabyte is working with Eclypsium in order to fix this issue. Eclypsium goes into a lot of detail in its report as to what the dangers of this vulnerability are, so make sure to read it here if you’re interested. Perhaps the worst thing of all is that the firmware download occurs during system start-up, so you’d likely be none the wiser until it would be too late. As such, not even reinstalling the operating system and wiping your drives clean would be enough to get rid of them. UEFI rootkits and implants, which are a type of malware, also pose a great threat because they’re executed before your system even starts up. From there, they could gain full access to the affected PC and network.


Let’s go over them quickly. For one, hackers could exploit vulnerable software built into a computer’s firmware in order to pose as a legitimate feature. While this is quite a sophisticated and situational hack, if a threat actor or hacker group manages to carry out the attack, the consequences could be disastrous. To make matters worse, out of the three possible download locations for Gigabyte’s firmware, one of them is only using a plain HTTP address instead of HTTPS, further lowering the security of the downloading process. Still, this could be dangerous and awfully difficult to get rid of.

This is because the attacker would have to be using the same network as you in order to divert the software updater to download a harmful payload instead of a new firmware update. The list of risks is huge, but individual users are in less danger than organizations that run multiple computers equipped with Gigabyte boards.
