If you have a Gigabyte motherboard, your PC might stealthily download malware

If you own a Gigabyte motherboard, your system might be at risk. Researchers spotted a dangerous vulnerability in the firmware. Fortunately, there's a fix.

If you have a Gigabyte motherboard, your PC might stealthily download malware

Yet another motherboard manufacturer seems to be in trouble — or rather, the people who own those motherboards might be. According to security researchers, countless Gigabyte boards might be vulnerable to dangerous cyberattacks.

If you want to be extra safe, there are a couple of things you can do to protect your PC. Here’s what we know.

A Gigabyte Aorus Extreme motherboard.

According to a report published by security company Eclypsium, many Gigabyte motherboards are at risk. Eclypsium published a full list of the models that are affected by the vulnerability, and that list alone encompasses over 270 different entries. That means that if you own a Gigabyte board, chances are that you’re affected by this too. Both AMD and Intel platforms might be compromised.

To give you a quick recap on what’s going on, Eclypsium has found a vulnerability within the firmware of those Gigabyte motherboards. Gigabyte’s own software automatically updates the firmware without further prompts, and because of that, it opens the door to potential attacks.

The list of risks is huge, but individual users are in less danger than organizations that run multiple computers equipped with Gigabyte boards. This is because the attacker would have to be using the same network as you in order to divert the software updater to download a harmful payload instead of a new firmware update. Still, this could be dangerous and awfully difficult to get rid of. To make matters worse, out of the three possible download locations for Gigabyte’s firmware, one of them is only using a plain HTTP address instead of HTTPS, further lowering the security of the downloading process.

While this is a quite sophisticated and situational hack, if a threat actor or hacker group manages to carry out the attack, the consequences could be disastrous. Let’s go over them quickly.

For one, hackers could exploit vulnerable software built into a computer’s firmware in order to pose as a legitimate feature. From there, they could gain full access to the affected PC and network. UEFI rootkits and implants, which are a type of malware, also pose a great threat because they’re executed before your system even starts up. As such, not even reinstalling the operating system and wiping your drives clean would be enough to get rid of them.

Perhaps the worst thing of all is that the firmware download occurs during system start-up, so you’d likely be none the wiser until it would be too late. Eclypsium goes into a lot of detail in its report as to what the dangers of this vulnerability are, so make sure to read it here if you’re interested.

How to protect yourself

The front of a Project Stealth PC.Gigabyte

Gigabyte is working with Eclypsium in order to fix this issue. The company released an official statement, saying that its engineers have already addressed the potential risks in the latest beta version of the BIOS. This means that owners of Intel 700/600 or AMD 500/400 boards could go ahead and download the update and stay safe, but using a beta version of the BIOS comes with some risks of its own. It’s unclear whether using it would affect the board warranty at this point.

Fortunately, Eclypsium has also provided a couple of fixes that can tide you over until Gigabyte clears everything up. You’ll first have to enter the BIOS. This is most commonly done by tapping the F2 or Del key over and over during the time when your PC is starting up, but if that doesn’t work, check out our guide on how to use the BIOS to see if there are any other keys you might need to mash here.

Once you’re on the options screen, navigate to the App Center Download & Install feature and disable it. This turns off automatic updates. We also recommend setting a BIOS password to add an extra layer of security.

Motherboards, in general, have had their share of troubles lately. As Gigabyte is battling this problem, Asus also finds itself in the crossfire following a huge AMD Ryzen 7000 controversy. Instead of a cybersecurity threat, users with Asus boards have found their PCs at risk of burning up.

Editors' Recommendations

Your next smartphone might have an Intel processor — seriously AMD Ryzen Master has a bug that can let someone take full control of your PC Gigabyte may have accidentally leaked Nvidia’s plans for the RTX 4080 12GB This game lets hackers attack your PC, and you don’t even need to play it Here’s everything you need to build a great gaming PC in 2022

Monica J. White

Monica is a UK-based freelance writer and self-proclaimed geek. A firm believer in the "PC building is just like expensive…

This malware infects your motherboard and is almost impossible to remove

A digital encrypted lock with data multilayers.

Researchers have discovered malware that has been secretly infecting systems featuring Asus and Gigabyte motherboards for at least six years.

Since 2016, Chinese-speaking hackers have been infiltrating machines with the CosmicStrand malware, according to a report from Bleeping Computer.

Read more

When should you upgrade your CPU?

AMD Ryzen 7 5800X3D chip.

The CPU is arguably the most important component in a computer, perhaps only second to the GPU if you're a gamer. However, doing a CPU upgrade isn't always straightforward; it can be difficult to choose the right time to upgrade and the right CPU to upgrade to, because that can often entail swapping out the motherboard and even the memory, too. Not every application is going to improve from a CPU upgrade, and you need to check your existing cooler is compatible as well.

There are, however, some general rules when it comes to CPUs that can help you determine whether or not an upgrade is really worth your time and money.
When to upgrade your CPU for gaming

Read more

Computex 2022: All X670 motherboards announced

MSI MEG X670E Godlike motherboard.

As part of Computex 2022, many new motherboards for the upcoming AM5 socket have been announced, set to release in time for the launch of the AMD Ryzen 7000. AMD's new platform will support three chipsets: The X670, X670E, and B650.
New AM5 chipsets
The X670 platform will be aimed at enthusiasts and will come with a range of bells and whistles to make the most of the next-gen AMD CPUs. MSI and Asus have already announced a few models, but they're not the only manufacturers to have something new up their sleeves.

The introduction of next-gen AMD Ryzen 7000 processors is a big step for AMD, and consequently, for the makers of matching AM5 motherboards. AMD has held on to the AM4 socket for a long time, but it now confirms that it plans to retire it and move on to the new AM5 platform. With that, three new chipsets are being introduced. The X670 and the X670E are the two chipsets with access to PCIe 5.0, while B650 doesn't support it at all.

Read more