Spain
Portugal
For more than a year, the secure boot feature on MSI motherboards had a vulnerability and allowed malicious code to run.
The error was discovered by David Potocki, a researcher from Poland, who repeatedly made attempts to contact the developer and did not receive a response.
As it turned out, more than 290 Intel and AMD-based MSI motherboards with the latest firmware version are affected by a problem in the default UEFI secure boot settings, which allow you to run any OS image regardless of whether it has an incorrect or completely missing signature.
Secure Boot is a feature built into the firmware of UEFI motherboards that ensures that only trusted (signed) software can be executed during the boot process.
To check the security of boot loaders, OS kernels and other important system components, the function uses a PKI (public key infrastructure), which authenticates the software and determines the reliability at each boot.
The security system is designed to prevent UEFI bootkits/rootkits from running on the computer and to warn users about OS changes.
The researcher found out that the updated version of the MSI 7C02v3C firmware, released on January 18, 2022, included changes to the default secure boot settings on MSI motherboards so that the system will boot even if it detects security breaches.
The "image execution policy" parameter in the firmware has changed to the default value "always execute", which allowed any image to boot the device in normal mode.
The researcher explained that in order to eliminate the threat, users need to set the execution policy to "prohibit execution" for "removable media" and "fixed media", which will allow downloading only signed software.
At the same time, according to the researcher, MSI never documented this maneuver, so he had to track the chronology of the introduction of an unsafe default value using IFR (representation of the internal UEFI form) to extract information about configuration parameters.
The results allowed him to determine which MSI motherboards are vulnerable. The full list includes more than 290 motherboards and is available on GitHub.
Users of the MSI motherboards listed in the list are advised to consult the BIOS settings and make sure that the "image execution policy" parameter is set to a safe value.
