
SoylentNews is people

posted by hubie on Friday January 20 2023, @09:39PM
from the one-person's-insecurity-is-another-person's-opportunity dept.

MSI accidentally disables Secure Boot on hundreds of its motherboards:

One of the latest MSI UEFI updates accidentally disabled Secure Boot technology on hundreds of its motherboards, reports Bleeping Computer. As a consequence, over 290 motherboards for AMD and Intel processors can run insecure operating systems, which can be harmful.

MSI's firmware update version 7C02v3C released on January 18, 2022, comes with Image Execution Policy set to 'Always Execute' by default, which allows the PC to boot an operating system that lacks a proper signature by its developer. This means that a computer can boot an OS that may have been tampered with, which is an insecure policy as the operating system may be infected or have malicious intent.

The discovery was recently made by a Polish security researcher named Dawid Potocki. The researcher noted that he contacted MSI, but did not receive any response, which essentially means that so far the motherboard maker has not fixed its Secure Boot.

See article for a list of motherboard models.


  • (Score: 4, Informative) by janrinok on Saturday January 21 2023, @08:57AM

    https://www.tomshardware.com/news/msi-preps-secure-boot-motherboard-firmware [tomshardware.com]

    MSI has assured users on Reddit that the company will soon deploy a fix for a Secure Boot bug affecting a plethora of AMD and Intel motherboards. The new firmware will rectify the error and enforce tighter security settings.

    "MSI implemented the Secure Boot mechanism in our motherboard products by following the design guidance defined by Microsoft and AMI before the launch of Windows 11. We preemptively set Secure Boot as Enabled and "Always Execute" as the default setting to offer a user-friendly environment that allows multiple end-users flexibility to build their PC systems with thousands (or more) of components that included their built-in option ROM, including OS images, resulting in higher compatibility configurations. For users who are highly concerned about security, they can still set "Image Execution Policy" as "Deny Execute" or other options manually to meet their security needs."

    "In response to the report of security concerns with the preset bios settings, MSI will be rolling out new BIOS files for our motherboards with 'Deny Execute' as the default setting for higher security levels. MSI will also keep a fully functional Secure Boot mechanism in the BIOS for end-users so that they can modify it according to their needs."

    Although MSI's new firmware will fully restore Secure Boot's function, users can still go into the BIOS and fiddle with the individual settings themselves. Unfortunately, the motherboard vendor didn't specify an exact date on when the new firmware will be available to users. However, given the severity of the issue, it shouldn't be long before the rollout commences.
