Security News
MSI has released BIOS updates to fix a known issue that triggers blue screens of death on Windows computers after installing August 2023 preview updates. "The new BIOS coming will include an update on the Intel CPU uCode which will prevent any more messages regarding the 'UNSUPPORTED PROCESSOR' issues. This upcoming update will correspond to both 13th-generation and newer ones," MSI said on Wednesday.
MSI has officially confirmed the recent surge of blue screens of death encountered by Windows users after installing this week's optional preview updates is linked to some of its motherboard models. "MSI has received several reports of users encountering a Blue Screen of Death that has an error message that reads 'UNSUPPORTED PROCESSOR' with MSI's 600/700 series motherboards after installing the Windows 11 update, KB5029351 Preview," the company said.
Microsoft fixes two actively exploited bugs, one used by BlackLotus bootkitFor May 2023 Patch Tuesday, Microsoft has delivered fixes for 38 CVE-numbered vulnerabilities, including a patch for a Windows bug and a Secure Boot bypass flaw exploited by attackers in the wild. MSI's firmware, Intel Boot Guard private keys leakedThe cybercriminals who breached Taiwanese multinational MSI last month have apparently leaked the company's private code signing keys on their dark web site.
The company's mea culpa came two days after a cyberextortion gang going by the name Money Message claimed to have stolen MSI source code, BIOS development tools, and private keys. Researchers at vulnerability research company Binarly claim not only to have got hold of the data stolen in the breach, but also to have searched through it for embedded crpyotgraphic keys and come up with numerous hits.
Intel is investigating reports that BootGuard private keys, used to protect PCs from hidden malware, were leaked when data belonging to Micro-Star International was stolen and dumped online. It's understood the private keys were generated by MSI to use with Intel's BootGuard technology, and were among internal source code and other materials taken from the computer parts maker's IT systems last month - at least some of which has since been shared on the internet.
Intel is investigating the leak of alleged private keys used by the Intel Boot Guard security feature, potentially impacting its ability to block the installation of malicious UEFI firmware on MSI devices. On Friday, Alex Matrosov, the CEO of firmware supply chain security platform Binarly, warned that the leaked source code contains the image signing private keys for 57 MSI products and Intel Boot Guard private keys for 116 MSI products.
The threat actors behind the ransomware attack on Taiwanese PC maker MSI last month have leaked the company's private code signing keys on their dark website. "Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem," Alex Matrosov, founder and CEO of firmware security firm Binarly, said in a tweet over the weekend.
The cybercriminals who breached Taiwanese multinational MSI last month have apparently leaked the company's private code signing keys on their dark web site. MSI is a corporation that develops and sells computers and computer hardware.
Rogue firmware could, in theory, be used to spy on almost everything you do on your computer, acting as a super-low-level rootkit, the jargon term for malware that exists primarily to protect and hide other malware. These days, rogue firmware downloads are generally easier to spot than they were in the past, given that they are usually digitally signed by the official vendor.
Taiwanese PC company MSI officially confirmed it was the victim of a cyber attack on its systems. The company said it "Promptly" initiated incident response and recovery measures after detecting "Network anomalies." It also said it alerted law enforcement agencies of the matter.