Replacing the traditional motherboard BIOS with UEFI firmware has done more than modernize its interface. One of the possibilities offered by UEFI is to “push” the installation of software into the operating system, in particular Windows.
This can be practical, for example to install drivers that are not included in Windows, in particular network or Wi-Fi card drivers. Motherboard manufacturers take the opportunity to install a whole string of more or less useful software to manage the motherboard.
The security company Eclypsium has just called out Gigabyte, pointing to no fewer than 264 motherboards that use this function to install software directly in Windows. Eclypsium faults Gigabyte motherboards for downloading software insecurely. A malicious party could interfere in this process to make the motherboard download unwanted content, even after the operating system has been reinstalled.
Eclypsium considers the case serious enough to disclose this flaw on an accelerated timeline and has already warned Gigabyte, which should soon offer a corrected UEFI for all affected motherboards.
As a first step, while waiting for a fixed UEFI, users of Gigabyte motherboards are advised to disable the “APP Center Download & Install” function directly in the BIOS. You can access the BIOS by pressing the Del key when starting your PC.
Finally, it is recommended that network administrators block these three addresses on their computer equipment:
Note that this is not the first time that a motherboard manufacturer has had problems with this option, which allows software to be installed directly in the operating system. Asus has a similar option, “Download and Install ARMOURY CRATE App”, which was called out by Kaspersky in 2022.