Today, it seems that they recognize their error and launch a readjustment so that all the users concerned can do it as soon as possible and thus avoid security problems.
BIOS update
if you have one gigabyte square It is more than likely that you have been affected, so it is very interesting that you take into account what the company launched a few hours ago to heal you.
This update consists of a BIOS update which improves the signature verification process. This is not a permanent solution, but the company recommends doing this to avoid unnecessary risk as much as possible, as they ensure that the validation process for downloaded software and files is more secure, and installing something that compromises our files would be more difficult task. Therefore, although the gap is still there, the temporary barrier that Gigabyte offers us can save us from some scare.
As a second change, they activated the cryptographic verificationwhich is to ensure that all downloaded files come from servers that are verified, certified and considered safe.
The update also covers motherboards that were not affected by the issue such as Intel 500/400 and AMD 600 series. We guess they were afraid that another door would be found that would open more models and they preferred to cover their backs.
So with these two changes the peace of mind they give us is a bit more than what we could have had yesterday where there was no type of solution from them and we were sold on waiting for such news.
It doesn’t change the fact that the bug is very serious and I hope they keep that in mind for future changes, where we’ll see much more robustly tested and proven updates.
They also recommend setting a password to access the bios setupsomething quite simple, which is not a major problem for us and closes the door to unwanted activities.
On another side, Eclipse The company that revealed the error also added that the previous version (with the error) automatically connected to 3 websites from which it downloaded software without our permission, namely:
- http://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4
- https://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4
- https://software-nas/Swhttp/LiveUpdate4
For this reason they recommend accessing the motherboard and from the firewall disabling the “Downloading and Installing the App Center“. Which will ensure that these types of actions are not performed automatically, and we have to manually decide what we want to download and, above all, update.
With all these changes and advice we hope that no user has been affected by this vulnerability and that everything has been a bit scared. Of course, we will have to be aware of all the updates that will come to us from now on if we have one of the affected cards. It won’t happen to them again.
