# Is Gigabyte only vendor security aware?



## AlwaysHope (Dec 2, 2021)

Just got wind of this today. Checked for bios updates on my Gigabyte Z590 board & there is a bios update that addresses this among other measures;
...
2. Major vulnerabilities updates, customers are strongly encouraged to update to this release at the earliest.
Credits to "Assaf Carlsbad and Itai Liba from SentinelOne"
...

A quick look through the other range of Z590 boards from Gigabyte reveals the same bios update description.
A check of other Z590 board makers reveals no info on this aspect of UEFI malware potentiality. That is from Asus, MSI & ASRock to date.
I also checked for bios updates on my MSI B450 & X570 boards, but nothing since September as yet. Not sure if this is specific to Z590 boards from Gigabyte or not.

Intel themselves have even acknowledged this exploit, as outlined here

So, either Gigabyte are on the ball with security or the other mobo vendors are still deciding...


----------



## Caring1 (Dec 2, 2021)

Wow, those vulnerabilities have been around a while, and only just getting patched now.


----------



## MachineLearning (Dec 2, 2021)

This post caused me to check my B550 Aorus Pro V2 BIOS support page for updates. The newest version is the same version that I have, their site lists it as release F14e, 10/13/2021, and that release has the exact same text you provided ("Major vulnerabilities updates...").

Interestingly, I did check that page a couple of days after that BIOS was released and updated my mobo with it, but that text was not present at that time. The release is still F14e. I'm wondering if the vulnerability update was already present in F14e, and they chose to make it public only now for some reason. Otherwise I'd expect it to be F14f or F15.

It's odd to me that they released a BIOS that patched a vulnerability, but did not make public the fact that they included said patch until now (or recently), if that is indeed what has happened.

edited for clarity


----------



## RJARRRPCGP (Dec 2, 2021)

But no remote code execution to worry about, unlike that 9th-gen-and-earlier CSME fiasco.


----------



## AlwaysHope (Dec 2, 2021)

Caring1 said:


> Wow, those vulnerabilities have been around a while, and only just getting patched now.


Last night, when checking for updates from MS, there was an Intel "component software" update being installed, with no other info on the update tab but a version number.
I'm guessing it has something to do with it? In any case it's a good idea all round to update the bios anyway. This stuff with firmware security can be quite complex.



MachineLearning said:


> This post caused me to check my B550 Aorus Pro V2 BIOS support page for updates. The newest version is the same version that I have, their site lists it as release F14e, 10/13/2021, and that release has the exact same text you provided ("Major vulnerabilities updates...").
> 
> Interestingly, I did check that page a couple of days after that BIOS was released, updated my mobo with it. But, that text was not present at that time. The release is still F14e. I'm wondering if the vulnerability update was already present in F14e, and they chose to make it public only now for some reason. Otherwise I'd expect it to be F14f or F15.
> 
> ...


The hardware vendors have to be extra careful about releasing info like this into the public domain, for pretty obvious reasons. Every time you boot the machine up, do you regularly check for updates manually?
I've seen the MS update service try & update when I've manually disconnected from the net. It will still report it has already updated even though there's no physical connection...


----------



## R-T-B (Dec 2, 2021)

Gigabyte is the easiest vendor to bios-mod FWIW, because they don't write-protect the bios at runtime.  Unsure I'd call that a great security practice, though.
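The runtime write-protection R-T-B refers to lives in the PCH's BIOS_CNTL register. The following is an added example (not from the thread or from any vendor) that decodes a raw BIOS_CNTL value and classifies how well the SPI BIOS region is protected from OS-level code, the way a firmware-assessment tool does; the bit layout (BIOSWE/WPD bit 0, BLE/LE bit 1, SMM_BWP/EISS bit 5 at config offset 0xDC) is assumed from Intel PCH datasheets, and the sample values are constructed, not readings from real boards.

```python
# Added example, not from the thread: decode an Intel PCH BIOS_CNTL (BC)
# register value and classify how well the SPI flash BIOS region is
# write-protected from code running in the OS. The bit layout (BIOSWE/WPD
# bit 0, BLE/LE bit 1, SMM_BWP/EISS bit 5 at LPC or SPI config offset 0xDC)
# is assumed from Intel PCH datasheets; the sample values are constructed.
from dataclasses import dataclass

BIOSWE = 1 << 0   # BIOS Write Enable (WPD on 100-series+): 1 = region writable
BLE = 1 << 1      # BIOS Lock Enable: setting BIOSWE raises an SMI; write-once
SMM_BWP = 1 << 5  # SMM BIOS Write Protect (EISS): writes only while in SMM


@dataclass(frozen=True)
class BiosWpStatus:
    bioswe: bool
    ble: bool
    smm_bwp: bool
    level: str   # "protected", "lock-only" or "unprotected"
    reason: str


def decode_bios_cntl(value: int) -> BiosWpStatus:
    """Classify a raw BIOS_CNTL value (0..0xFF) like a firmware-assessment tool would."""
    if not 0 <= value <= 0xFF:
        raise ValueError("BIOS_CNTL is an 8-bit register")
    bioswe, ble, smm_bwp = bool(value & BIOSWE), bool(value & BLE), bool(value & SMM_BWP)
    if smm_bwp:
        # Writes are only accepted from SMM; ring-0 code cannot reflash the BIOS region.
        level, reason = "protected", "SMM_BWP=1: BIOS region writable only from SMM"
    elif ble and not bioswe:
        # Lock bit set and write-enable clear: an attempt to set BIOSWE traps to the
        # SMI handler, which is expected to clear it again. Weaker than SMM_BWP.
        level, reason = "lock-only", "BLE=1, BIOSWE=0: protection relies on the SMI handler"
    elif bioswe:
        level, reason = "unprotected", "BIOSWE=1: BIOS region writable from the OS"
    else:
        level, reason = "unprotected", "BLE=0: software can set BIOSWE and then write"
    return BiosWpStatus(bioswe, ble, smm_bwp, level, reason)


def report(samples: dict) -> dict:
    """Map constructed board labels to their protection level."""
    return {name: decode_bios_cntl(v).level for name, v in samples.items()}


if __name__ == "__main__":
    # Constructed register values, not readings from any real board.
    SAMPLES = {"board-A": 0x22, "board-B": 0x02, "board-C": 0x01, "board-D": 0x00}
    for name, level in report(SAMPLES).items():
        print(f"{name}: {level} ({decode_bios_cntl(SAMPLES[name]).reason})")
```

The live register value has to come from a firmware tool with chipset access; this script only interprets a value you already have.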


----------



## AlwaysHope (Dec 2, 2021)

R-T-B said:


> Gigabyte is the easiest vendor to bios-mod FWIW, because they don't write-protect the bios at runtime.  Unsure I'd call that a great security practice, though.


Ok, so why would they do that? Is that slackness on their part or what?


----------



## cvaldes (Dec 2, 2021)

AlwaysHope said:


> Ok, so why would they do that? Is that slackness on their part or what?


Ask Gigabyte.


----------



## AlwaysHope (Dec 2, 2021)

cvaldes said:


> Ask Gigabyte.


Considering I got an unusual update via MS service for an Intel product on my Z590 system last night, I think it's more complicated than that.


----------



## cvaldes (Dec 2, 2021)

Well, it's their product. They are the ones who should understand it the best. After all, they made it.

Of course, whether or not they've staffed their technical support team with people who actually have brains (and basic communication skills) is a completely separate issue. I have zero comment on that since I don't ever recall being a Gigabyte customer.

Best of luck.


----------



## R-T-B (Dec 2, 2021)

AlwaysHope said:


> Ok, so why would they do that? Is that slackness on their part or what?


I really have no idea. It IS convenient for making bios mods but I doubt that is their rationale.


----------



## chrcoluk (Dec 2, 2021)

AlwaysHope said:


> Just got wind of this today. Checked for bios updates on my Gigabyte Z590 board & there is a bios update that addresses this among other measures;
> ...
> 2. Major vulnerabilities updates, customers are strongly encouraged to update to this release at the earliest.
> Credits to "Assaf Carlsbad and Itai Liba from SentinelOne"
> ...


It's dated 11 Sept; the other vendors may have already patched and it's Gigabyte late to the game?


----------



## Chomiq (Dec 2, 2021)

They're so security aware that they got ransomwared and still can't recover some of their data.


----------



## MarsM4N (Dec 2, 2021)

Guess it depends on the manufacturer. Isn't it also common that they *drop support* (or reduce the update cycle) for mainboards after 3-5 years?
That's at least my experience with Asus.

Now on a 6 year old mass produced Lenovo office machine, they still keep pumping out BIOSes like nuts. That's a real security benefit.


----------



## Chomiq (Dec 2, 2021)

> *Major vulnerabilities updates, customers are strongly encouraged to update to this release at the earliest.*
> *Credits to "Assaf Carlsbad and Itai Liba from SentinelOne"*
> *• Introduce capsule BIOS support starting this version.*
> 
> ...


F36e for X570 Elite was available since 2021/10/14 but that part in bold was added today.


----------



## R-T-B (Dec 2, 2021)

MarsM4N said:


> Guess it depends on the manufacturer. Isn't it also common that they *drop support* (or reduce the update cycle) for mainboards after 3-5 years?
> That's at least my experience with Asus.


I don't mean this rudely, but that's like industry standard practice.



MarsM4N said:


> Now on a 6 year old mass produced Lenovo office machine, they still keep pumping out BIOS'ses like nuts. That's a real security benefit.


Lenovo is good on that front, but they have other issues with their addon packages that keep me away from them.


----------



## AlwaysHope (Dec 3, 2021)

Chomiq said:


> They're so security aware that they got ransomwared and still can't recover some of their data.


That's only the attack you know. Bet other vendors get them but don't publicise it.


----------



## Chomiq (Dec 4, 2021)

They don't mention this for other updated bioses:

B560M DS3H AC (rev. 1.x) Support | Motherboard - GIGABYTE U.S.A. (www.gigabyte.com)

> Introduce capsule BIOS support starting this version.
> *Customers will NOT be able to reverse to previous BIOS version due to major vulnerabilities concerns.*


----------



## Bomby569 (Dec 5, 2021)

Thanks for the warning. They really should warn people (not exactly sure how), not just update the bios page.


----------



## INSTG8R (Dec 5, 2021)

Actually the X570 Aorus Elite got a similar update, yet nothing under it, including my Pro, did.
Edit: I lied, they have updated my board's page with the same info. I have been on that BIOS since it came out in beta, so I guess I'm already "protected".


----------



## Chomiq (Dec 6, 2021)

GN covered this in their news episode, here's a presentation linked to the vulnerability:


----------

