Skip to content

Over 290 MSI motherboards found vulnerable to faulty UEFI Secure Boot setting

  • by
  • 3 min read

Polish security researcher Dawid Potocki has discovered that over 290 MSI motherboards are impacted by a bug in their default UEFI Secure Boot setting that allows any operating system image to run and take over the hardware regardless of its security signature. 

The bug arises from update version 7C02V3C, released on January 18, 2022. It’s important to note that 7C02 is the codename for the B450 Tomahawk Max motherboard. Depending on your motherboard’s firmware version, you may or may not be exposed to the faulty setting. A full list of impacted keyboards is available here.

The update changes the Image Execution Policy setting in the BIOS to Always Execute by default. This makes the system boot even if the firmware detects security inconsistencies in the operating system’s signature.

This can be fixed by setting the execution policy to Deny Execute for Removable Media and Fixed Media. While it’s a relatively easy fix, the fact that it impacts a lot of motherboards leaves hundreds if not thousands of PCs in public spaces open to attacks. 

The faulty setting is enabled by default in MSI motherboards. | Source: Dawid Potocki

Secure Boot’s main job is to check the signatures of each piece of the boot software, including drivers, the OS and any EFI applications for any inconsistencies. The firmware hands over control to the OS only if the security certificates are deemed valid. 

In this case, the setting only seems to exist to satisfy Windows 11’s secure boot requirements. While the OS knows that secure boot is enabled, it isn’t actually doing anything as the motherboard firmware by default allows any other OS to take over.

The issue impacts both Intel and AMD-based motherboards, including brand-new ones. Potocki claims he tried to get in touch with MSI and inform them of the issue but did not receive a response.  The researcher also added that MSI laptops aren’t affected by the issue. 

Potocki further traced back the origins of the insecure setting using IFR (UEFI Internal Form Representation) to extract configuration options information from older firmware versions as MSI never documented the change. This information was then used to compile the aforementioned list of motherboards. 

In the News: Microsoft will soon offer ChatGPT as part of Azure OpenAI Service

>