Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices

Cybersecurity researchers have found "backdoor-like behavior" within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format.
"Most Gigabyte firmware includes a Windows Native Binary executable embedded inside of the UEFI firmware," John Loucaides, senior vice president of strategy at Eclypsium, told The Hacker News.
The executable, per Eclypsium, is embedded in the UEFI firmware, written to disk by the firmware as part of the system boot process, and subsequently launched as an update service.
Loucaides said the software "seems to have been intended as a legitimate update application," noting the issue potentially impacts "around 364 Gigabyte systems with a rough estimate of 7 million devices."
With threat actors constantly on the lookout for ways to remain undetected and leave a minimal intrusion footprint, vulnerabilities in the privileged firmware update mechanism could pave the way for stealthy firmware implants that can subvert all security controls running in the operating system plane.
Organizations are advised to apply the latest firmware updates to minimize potential risks.
News URL
https://thehackernews.com/2023/05/critical-firmware-vulnerability-in.html