Microsoft’s latest Windows Preview update has reportedly triggered a bug on certain motherboards manufactured by hardware company MSI. This issue is just one of several problems that have plagued motherboard makers in recent years.
Both Microsoft and MSI released statements acknowledging the problem, explaining that installing the latest Windows Preview update, known as KB5029351 Preview, can lead to a blue screen error with an unsupported-processor message. The update offers new features and improvements for various components of Windows 11. However, as of now, neither Microsoft nor MSI has determined the cause of the issue.
In response to the error, MSI advised users to refrain from installing the KB5029351 Preview update until the root cause is identified. The company stated that it is actively investigating the issue alongside Microsoft. This motherboard problem adds to a series of mishaps that have affected motherboard manufacturers over the past year.
In January, vulnerabilities were discovered in the firmware used by baseboard management controllers, which are remote management chips found on many server motherboards. These vulnerabilities could have potentially allowed unauthorized remote access to the affected servers. Additionally, researchers revealed a backdoor in numerous Gigabyte motherboard models in late May. This backdoor, intended to simplify updating, actually left computers vulnerable to attack. Fortunately, Gigabyte quickly patched the issue after it was exposed.
In March, security firms issued warnings about the BlackLotus malware, which specifically targeted the Unified Extensible Firmware Interface (UEFI). UEFI acts as the intermediary software between the operating system and the motherboard. Threat actors were using the malware to bypass Microsoft’s Secure Boot feature. The US Cybersecurity and Infrastructure Security Agency (CISA) raised the alarm and emphasized the need to enhance UEFI cybersecurity capabilities.
While motherboard issues are a concern, the recent problem with MSI motherboards is unlikely to pose significant security risks. Instead, it primarily affects the availability of affected computers. Nate Warfield, director of threat research and intelligence at firmware security firm Eclypsium, explains that blue screen errors are generally not vulnerabilities themselves but rather interoperability issues. Motherboards have become complex ecosystems comprised of various technologies, such as Trusted Platform Module (TPM) chips and the UEFI standard.
Microsoft has prioritized Secure Boot as a fundamental aspect of its zero-trust security strategy. Secure Boot attests to a machine’s state and helps guard against unauthorized access. However, threat actors are increasingly searching for ways to bypass this security feature, not for initial access but for persistence once inside a device. As operating systems and applications have improved security, attackers have shifted their focus to less costly avenues of exploitation.
Although there may not be many immediate solutions for users affected by the MSI motherboard bug, it is crucial for companies to take essential security measures. Enabling Secure Boot should be a standard practice for all motherboards in 2023. However, it was discovered that MSI had disabled Secure Boot on some models, and in a previous incident in 2022, one version of their motherboards shipped without it entirely. Users should not assume that default security features are functioning correctly and are encouraged to test them.
Furthermore, organizations must have a detailed understanding of their assets, including information about the specific motherboard and firmware versions in use. This level of asset control is necessary to determine the extent of vulnerabilities or issues within their systems. Without this knowledge, it becomes challenging to manage and mitigate risks effectively.
In conclusion, the recent motherboard bug affecting MSI motherboards highlights the ongoing challenges faced by manufacturers in ensuring robust cybersecurity measures. While motherboard issues can impact device availability, it is crucial for companies and users to stay vigilant and implement essential security measures, such as enabling Secure Boot and regularly testing security features. By remaining proactive, organizations can better protect their systems and minimize the potential impact of motherboard-related vulnerabilities.