Gigabyte has published a major update to the BIOS of its motherboards. The new update fixes the vulnerability in the motherboard firmware, which could be used to install malicious programs on the hardware. Users who do not want to upgrade to the new BIOS can disable the problematic feature—less work than updating a BIOS.
The vulnerability in Gigabyte’s motherboards was disclosed last week. The one responsible for finding the problem was the security company Eclypsium. Despite Gigabyte’s “quick response” in patching the vulnerability, Eclypsium revealed that the UEFI firmware issue has been around since 2018. In total, more than 270 motherboards are affected by the program that automatically updates UEFI.
Update for motherboards is on the Gigabyte website
Anyone who wants to download the BIOS update can go to the official Gigabyte website and search for the model used on their computer. Warning: the search system on the Gigabyte page is bad. Maybe playing on Google or Bing the name of your motherboard is less stressful.
Another option is to disable the automatic update in the computer’s BIOS and uninstall the program in the operating system. This solution requires you to restart the device, enter the BIOS (by clicking the button indicated on the boot screen), and disable the feature in the “Download and Installation Center” located in the “Peripherals” tab of the interface.
The new update fixes the firmware vulnerabilities. Before the update, as Eclypsium revealed, the automatic update downloaded files without verifying the authenticity and origin of the downloads. The firmware accesses three official Gigabyte websites—and two of them don’t have a secure connection.
The firmware will now verify the authenticity and origin of the downloaded file. Gigabyte has also added encryption to the verification process, making the firmware only download updates from servers with validated certificates.
Gigabyte has published a major update to the BIOS of its motherboards. The new update fixes the vulnerability in the motherboard firmware, which could be used to install malicious programs on the hardware. Users who do not want to upgrade to the new BIOS can disable the problematic feature—less work than updating a BIOS.
The vulnerability in Gigabyte’s motherboards was disclosed last week. The one responsible for finding the problem was the security company Eclypsium. Despite Gigabyte’s “quick response” in patching the vulnerability, Eclypsium revealed that the UEFI firmware issue has been around since 2018. In total, more than 270 motherboards are affected by the program that automatically updates UEFI.
Update for motherboards is on the Gigabyte website
Anyone who wants to download the BIOS update can go to the official Gigabyte website and search for the model used on their computer. Warning: the search system on the Gigabyte page is bad. Maybe playing on Google or Bing the name of your motherboard is less stressful.
Another option is to disable the automatic update in the computer’s BIOS and uninstall the program in the operating system. This solution requires you to restart the device, enter the BIOS (by clicking the button indicated on the boot screen), and disable the feature in the “Download and Installation Center” located in the “Peripherals” tab of the interface.
The new update fixes the firmware vulnerabilities. Before the update, as Eclypsium revealed, the automatic update downloaded files without verifying the authenticity and origin of the downloads. The firmware accesses three official Gigabyte websites—and two of them don’t have a secure connection.
The firmware will now verify the authenticity and origin of the downloaded file. Gigabyte has also added encryption to the verification process, making the firmware only download updates from servers with validated certificates.