Eclypsium: "Our follow-up analysis discovered that firmware in Gigabyte systems is dropping and executing a Windows native executable during the system startup process, and this executable then downloads and executes additional payloads insecurely.
...
The “WpbtDxe.efi” module checks if the “APP Center Download & Install” feature has been enabled in the BIOS/UEFI Setup before installing the executable into the WPBT ACPI table. Although this setting appears to be disabled by default, it was enabled on the system we examined."
Light news coverage of the matter
Millions of PC Motherboards Were Sold With a Firmware Backdoor
Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say.
www.wired.com
And the real nitty-gritty details on it
Supply Chain Risk from Gigabyte App Center Backdoor - Eclypsium | Supply Chain Security for the Modern Enterprise
Updates: 1. Gigabyte has published updates related to this issue. See the Gigabyte advisory for details. 2. Eclypsium has released a PowerShell script to Github that can assist in determining whether a system is impacted. The script compares the motherboard model to the list of models known...
eclypsium.com