
Researchers claim Windows “backdoor” affects hundreds of Gigabyte motherboards
2023-06-02 18:56

Researchers at firmware and supply-chain security company Eclypsium claim to have found what they have rather dramatically dubbed a "backdoor" in hundreds of motherboard models from well-known hardware maker Gigabyte.

You can reinstall Windows at any time, and a standard Windows image doesn't know whether you're going to be using a Gigabyte motherboard or not, so it doesn't come with GigabyteUpdateService.

Gigabyte therefore uses a Windows feature known as WPBT, or Windows Platform Binary Table.

WPBT provides a mechanism for firmware makers to store a Windows executable file in their BIOS images, load it into memory during the firmware pre-boot process, and then tell Windows, "Once you've unlocked the C: drive and started booting up, read in this block of memory that I've left lying around for you, write it out to disk, and run it early in the startup process."

Well, in the same way that the Gigabyte firmware contains an embedded IMAGE_SUBSYSTEM_NATIVE WPBT program that it "drops" into Windows.

Exe baked into it, and unless and until you update your firmware, you'll carry on getting that hard-wired version of the APP Center updater service "introduced" into Windows for you at boot time.
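
To make the WPBT hand-off described above concrete, here is an added example (not from the article or from the researchers) that parses a raw WPBT ACPI table so a defender can see whether firmware is publishing a binary for Windows to run. The field layout follows Microsoft's published WPBT format; the sample table is constructed, and reading a real dump from a path such as `/sys/firmware/acpi/tables/WPBT` on Linux is an assumption about your environment.

```python
import struct

# ACPI standard header (36 bytes) followed by the WPBT-specific fields,
# per Microsoft's WPBT specification. All fields are little-endian.
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")
WPBT_BODY = struct.Struct("<IQBBH")  # size, address, layout, type, arg length


def parse_wpbt(raw: bytes) -> dict:
    """Parse a raw WPBT ACPI table and return the fields a defender cares about."""
    if len(raw) < ACPI_HEADER.size + WPBT_BODY.size:
        raise ValueError("too short to be a WPBT table")
    sig, length, _rev, _cksum, oem_id, _oem_table, *_ = ACPI_HEADER.unpack_from(raw, 0)
    if sig != b"WPBT":
        raise ValueError(f"unexpected signature {sig!r}")
    if length > len(raw):
        raise ValueError("header length exceeds supplied data")
    size, addr, layout, ctype, arg_len = WPBT_BODY.unpack_from(raw, ACPI_HEADER.size)
    arg_off = ACPI_HEADER.size + WPBT_BODY.size
    if arg_off + arg_len > length:
        raise ValueError("argument runs past end of table")
    args = raw[arg_off:arg_off + arg_len].decode("utf-16-le", "replace").rstrip("\x00")
    return {
        "oem_id": oem_id.decode("ascii", "replace").strip(),
        "checksum_ok": sum(raw[:length]) % 256 == 0,  # ACPI: all bytes sum to 0
        "handoff_size": size,       # size of the binary left in memory
        "handoff_address": addr,    # physical address the firmware left it at
        "single_pe_image": layout == 1,  # content layout 1: one PE image
        "native_app": ctype == 1,        # content type 1: native user-mode app
        "arguments": args,          # command line handed to the binary
    }


def build_sample() -> bytes:
    """Constructed sample table (not taken from real firmware) for offline use."""
    args = "demo\0".encode("utf-16-le")
    body = WPBT_BODY.pack(0x12000, 0x7F000000, 1, 1, len(args)) + args
    length = ACPI_HEADER.size + len(body)
    hdr = ACPI_HEADER.pack(b"WPBT", length, 1, 0, b"SAMPLE", b"EXAMPLE ", 1, b"TEST", 1)
    table = bytearray(hdr + body)
    table[9] = (-sum(table)) % 256  # checksum byte lives at offset 9
    return bytes(table)


if __name__ == "__main__":
    print(parse_wpbt(build_sample()))
```

A machine whose firmware exposes no WPBT table simply has nothing to parse; a table that is present tells you the size and physical address of the binary Windows will be asked to write to disk and run.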


News URL

https://nakedsecurity.sophos.com/2023/06/02/researchers-claim-windows-backdoor-affects-hundreds-of-gigabyte-motherboards/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Gigabyte 7 0 0 4 3 7