Hundreds of MSI Motherboards Have a Serious Security Flaw

Someone at MSI screwed up and left hundreds of the company’s motherboards vulnerable to malware.

As BleepingComputer reports(Opens in a new window), the vulnerability was discovered by Polish security researcher Dawid Potocki(Opens in a new window) when he decided to setup Secure Boot on his new desktop PC. Secure Boot is used to ensure UEFI drivers and operating system boot loaders are signed by a trusted digital signature before they are allowed to execute.

What Potocki found was that MSI had changed the Secure Boot default settings as part of a Jan. 18, 2022 firmware update (version 7C02v3C) so that an option called “Image Execution Policy” was set to “Always Execute.” It means that even if security violations are detected and the operating system is untrusted, the motherboard will still allow it to run.

End users will have no idea their system is vulnerable unless they decide to check the Secure Boot settings themselves. Worse still, is the fact Potocki has found more than 290 MSI motherboards are at risk, with the full list available to view on GitHub(Opens in a new window).

If you have an affected MSI motherboard, the best course of action is to update it to the latest firmware version(Opens in a new window) and then manually check the Image Execution Policy is set to “Deny Execute” for both “Removable Media” and “Fixed Media.”

You’d think MSI would be eager to hear about this problem and ensure all its motherboards changed the Image Execution Policy setting as quickly as possible. However, that’s not the case. As Potocki explains, “If you are curious, yes, I have tried contacting MSI about this issue, but they ignored my emails and other forms of communication I have tried.”