Security News > 2023 > June > GIGABYTE releases new firmware to fix recently disclosed security flaws
GIGABYTE has released firmware updates to fix security vulnerabilities in over 270 motherboards that could be exploited to install malware.
The firmware updates were released last Thursday in response to a report by hardware security company Eclypsium, who found flaws in a legitimate GIGABYTE feature used to install a software auto-update application in Windows.
The problem is that two of the URLs used to download the software utilize non-secure HTTP connections, which can be hijacked in MiTM attacks to install malware instead. Furthermore, the researchers found that GIGABYTE did not perform any signature verification for downloaded files, which could prevent malicious or tampered files from being installed.
In response, GIGABYTE has now released firmware updates for Intel 400/500/600/700 and AMD 400/500/600 series motherboards to fix these issues.
"2. Privilege Access Limitations: GIGABYTE has enabled standard cryptographic verification of remote server certificates. This guarantees that files are exclusively downloaded from servers with valid and trusted certificates, ensuring an added layer of protection." - GIGABYTE. While the risks from these vulnerabilities is likely low, all GIGABYTE motherboard users are advised to install the latest firmware updates to benefit from the security fixes.
If you wish to remove the GIGABYTE auto-update application, you should first turn off the 'APP Center Download & Install Configuration' setting in the BIOS and then uninstall the software in Windows.