Monday November 25, 2024

Advisory ID: NCC-CSIRT-1801-004

Summary:  Dawid Potocki, a Polish security researcher, discovered that many MSI motherboards are affected by a change to the default UEFI Secure Boot setting. The setting allows any operating system image to run even if the firmware detects security violations. The issue impacts many Intel and AMD-based MSI (Micro-Star International Co., LTD) motherboards that use a recent firmware update (version 7C02v3C). It also affects brand-new MSI motherboard models.

Vulnerable Platform(s):  Operating Systems

Threat Type:  

  • Data Loss

Product:  Intel and AMD-based MSI motherboards

Version:   Intel and AMD-based MSI motherboards that run firmware update version 7C02v3C 

Description: Secure Boot is a security feature built into the firmware of UEFI (Unified Extensible Firmware Interface) motherboards that ensures only trusted (signed) software can execute during the boot process. When the computer starts, the firmware checks the signature of each piece of boot software. If the signature is valid, the computer boots and the firmware hands control to the operating system. If the software is unsigned or its signature has been modified, Secure Boot stops the boot process to protect the data stored on the computer and to warn users that their operating system has been tampered with.

According to the researcher, the change to the UEFI Secure Boot setting on the Intel and AMD-based MSI motherboards mistakenly set the Image Execution Policy in the firmware to "Always Execute" by default, allowing any image to boot the device as normal even if the firmware detects security violations.

Consequences:

Loss of data stored on the computer.

Impact/Probability: CRITICAL/HIGH

Solution:

If you are using an MSI motherboard, open the BIOS settings and check that the "Image Execution Policy" is set to a safe option.

References: