According to SlashGear, in a blog post detailing the issue, Eclypsium revealed that a security flaw was found in the firmware of Gigabyte motherboards. While there have been no reports of anyone exploiting the vulnerability to cause damage, it is concerning because it affects the motherboard's automatic firmware update function. Eclypsium described the vulnerability as a backdoor that had gone undetected for years on some Gigabyte motherboards.
Security vulnerability discovered on 257 motherboard models of Taiwanese manufacturer
The issue lies in flaws in Gigabyte's firmware update program, a key feature of its motherboards. It is triggered when the motherboard contacts Gigabyte's servers to look for a new firmware version: the update program queries three different sites for the updated firmware. One of these sites does not use TLS at all and is served over plain HTTP, completely unsecured, the researchers said. The other two use HTTPS with valid certificates, but Gigabyte is said to have failed to properly validate the remote server's certificate, which leaves those connections open to interception as well.
The irony here is that firmware updates are usually the vehicle for fixing vulnerabilities and security threats. In this case, however, the way the company rolled out firmware updates exposed millions of users to serious risk: Eclypsium said the updater executed the downloaded code without proper authentication.
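To make the two weaknesses above concrete, here is an added example (not Eclypsium's tooling and not Gigabyte's updater code) that audits an update client's transport settings and then checks the downloaded image before it is used. The three hostnames are constructed stand-ins, since the page does not name the real sites, and the SHA-256 pin stands in for the vendor signature check a real firmware client must perform.

```python
import hashlib
import hmac
import ssl
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse


def insecure_context() -> ssl.SSLContext:
    """Reproduce the weak pattern the article describes: TLS is negotiated,
    but the remote server's certificate is never validated, so anything
    sitting between the board and the update site can impersonate it."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE   # accept any certificate at all
    return ctx


def hardened_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """What an update client should use: verify the chain against a trusted
    CA set (a pinned cafile, or the system store when None), check the
    hostname, and refuse anything older than TLS 1.2."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_endpoint(url: str, ctx: Optional[ssl.SSLContext]) -> List[str]:
    """Return the weaknesses of one (url, TLS context) pair as short tags."""
    findings: List[str] = []
    if urlparse(url).scheme.lower() != "https":
        findings.append("plaintext-http")   # no confidentiality, no integrity
        return findings                     # TLS settings are moot here
    if ctx is None:
        findings.append("no-tls-context")
        return findings
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("no-cert-verification")
    if not ctx.check_hostname:
        findings.append("no-hostname-check")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("weak-tls-minimum")
    return findings


def audit_updater(endpoints: List[Tuple[str, Optional[ssl.SSLContext]]]) -> Dict[str, List[str]]:
    """Audit every update site the client would contact."""
    return {url: audit_endpoint(url, ctx) for url, ctx in endpoints}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_payload(data: bytes, expected_sha256_hex: str) -> bool:
    """Transport security alone is not enough: the image itself must be
    authenticated before it is executed or flashed. A real client verifies a
    vendor signature; this stand-in pins a digest taken from a trusted
    manifest and compares it in constant time."""
    return hmac.compare_digest(sha256_hex(data), expected_sha256_hex)


# Constructed stand-ins for the three update sites the article mentions
# (the real hostnames are not given on this page).
UPDATE_ENDPOINTS = [
    ("http://updates.example/firmware.bin", None),                 # plain HTTP
    ("https://mirror1.example/firmware.bin", insecure_context()),  # TLS, unverified
    ("https://mirror2.example/firmware.bin", insecure_context()),  # TLS, unverified
]

if __name__ == "__main__":
    for url, findings in audit_updater(UPDATE_ENDPOINTS).items():
        print(url, "->", ", ".join(findings) or "ok")
    image = b"constructed firmware image"   # constructed sample payload
    print("payload ok:", verify_payload(image, sha256_hex(image)))
```

Run as-is, the audit flags the first site for plain HTTP and the other two for skipped certificate and hostname checks; swapping in `hardened_context()` clears those findings. Note that a correct TLS setup still only authenticates the server: the digest (or, in practice, signature) check on the image is what stops a compromised or spoofed server from handing the board arbitrary code to execute.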
As for the motherboards affected by the vulnerability, Eclypsium identified 257 models that Gigabyte manufactured and sold to consumers over the past few years. Among those affected are Gigabyte's latest Z790 and X670 models, alongside a long list of boards based on AMD's 400-series chipsets.
Since the vulnerability is at the BIOS level, it can be difficult for the average user to avoid. However, Eclypsium has shared some tips on how to stay safe from any potential problems caused by it. To start, the company recommends disabling the “APP Center Download & Install” feature in the motherboard's BIOS setup and setting a BIOS password so that the setting cannot be quietly re-enabled. This prevents the BIOS from performing automatic firmware update checks without user intervention.
Gigabyte acknowledged the issue in a press release. In fact, the company has already started rolling out beta versions of its BIOS to fix the bug. Gigabyte's latest Intel 700/600 series and AMD 500/400 series motherboards are the first to receive the updated firmware. Gigabyte also said that a BIOS update for Intel 500/400 and AMD 600 series motherboards is planned.