Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Mysterious BIOS security flaw affects Gigabyte motherboards

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

July 6, 2016

Motherboard maker Gigabyte is having some problems with low-level security vulnerabilities that allow potential attackers to remotely turn off flash protection, secure boot, and tamper with firmware on personal computers made by Lenovo and a few other vendors.

There are unconfirmed reports that suggest Gigabyte has used the ThinkPwn vulnerable code, thought to be born of Intel reference code on four of its motherboards-- the Z68-UD3H, Z77X-UD5H, Z87MX-D3H, and Z97-D3H units.

Researcher Dmytro Oleksiuk revealed the vulnerabilities in a post to Github stating that can “disable flash write protection and infect platform firmware, disable Secure Boot, and bypass Virtual Secure Mode on Windows 10 Enterprise” thanks to a flaw in the SystemSmmRuntimeRt UEFI driver.

Alex James then reported that Gigabyte looks affected by the System Management Mode BIOS security vulnerability that many other Gigabyte models are likely affected.

Further comments by other security researchers claim that a few HP Pavillion lines may also be affected by the flaw as well.

Many more will likely be added to the list that curious hackers and vendors peer into the internals of their PCs.

Lenovo labelled the security hole in its advisory as industry-wide with a high severity rating.

Lenovo fired a salvo at Oleksiuk for his uncoordinated disclosure adding that its internal security team made "several unsuccessful attempts" to stuff a responsible disclosure gag in the researcher's mouth before his zero day drop.

Lenovo is working hard on a fix and the rest of the industry is scrambling its resources as well, reports say.

Source: Lenevo.

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.


Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer