MSI Motherboard’s BIOS Oversight Presents High Security Risk, Says Security Researcher

MSI Motherboard’s BIOS Oversight Presents High Security Risk, Says Security Researcher

An oversight in MSI’s BIOS settings has effectively left the doors open for boot files to run regardless of the result of security checks.

Image: Dawid Potocki

Dawid Potocki, a Polish security researcher, has discovered this vulnerability as he sets up Secure Boot on his new PC. This feature is designed to check on the boot files to make sure everything is digitally signed by authentic sources, preventing any unsigned code (in most cases, rootkits) from running on BIOS-level – which is difficult to recover once compromised.

Potocki says the default settings for MSI’s BIOS firmware updates since around Q3 2021 until January 2022 has been changed, in particular a setting called “Image Execution Policy”. Under this setting, affected firmware will have it set to “Always Execute”, and as the name implies – this option will boot anything bootable even if it’s unsigned code. While this setting is likely for developmental purposes only, it presents a huge security risk as malware will have effectively unrestricted access to the system’s operating system once compromised.

Image: Dawid Potocki

The impact is said to be very wide, affecting over 290 motherboards from MSI – full list here – which all have the same setting. Since this is merely a setting rather than a bug, users can fix this vulnerability by simply changing the setting for Image Execution Policy. To do that, change the settings from “Always Execute” to “Deny Execute” under Removeable Media and Fixed Media settings. That being said, it’s always important to make sure to update to latest BIOS versions in cases like this.

Source: BleepingComputer | Dawid Potocki’s research blog

Pokdepinion: That’s a huge amount of boards potentially vulnerable… it’s going to be a mess if hackers starts targeting their systems in particular.