Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices
2023-05-31 13:18

Cybersecurity researchers have found "backdoor-like behavior" within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format.

"Most Gigabyte firmware includes a Windows Native Binary executable embedded inside of the UEFI firmware," John Loucaides, senior vice president of strategy at Eclypsium, told The Hacker News.

The executable, per Eclypsium, is embedded in the UEFI firmware, written to disk by the firmware as part of the system boot process, and subsequently launched as an update service.

Loucaides said the software "seems to have been intended as a legitimate update application," noting the issue potentially impacts "around 364 Gigabyte systems with a rough estimate of 7 million devices."

With threat actors constantly on the lookout for ways to remain undetected and leave a minimal intrusion footprint, vulnerabilities in the privileged firmware update mechanism could pave the way for stealthy firmware implants that can subvert all security controls running in the operating system plane.

Organizations are advised to apply the latest firmware updates to minimize potential risks.


News URL

https://thehackernews.com/2023/05/critical-firmware-vulnerability-in.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Gigabyte 7 0 0 4 3 7