Published in PC Hardware

AMD and Intel motherboards receive BIOS updates

by on11 April 2024


Fixing LogoFAIL flaw

AMD and Intel motherboards have received BIOS updates to kill off the LogoFAIL vulnerability, causing a stir since December 2023.

This sneaky flaw is like a digital pickpocket, swiping the UEFI boot screen before your OS even knows what's hit it. And it's not playing favourites – both Intel and AMD are in the hot seat, with BIOS firmware from AMI, Phoenix, and Insyde getting a bit of a black eye.

Intel was quick off the mark, patching up its Management Engine to version 16.1.30.2307 quicker than you can boil a kettle. AMD's not far behind, trotting out AGESA firmware updates with a 'c' version meant to be the bee's knees at squashing those extra bugs.

The big guns – Gigabyte, Asus, MSI – are all dishing out BIOS updates with these new AGESA versions, hoping to give LogoFAIL the old heave-ho. But there's a snag – those fancy X670 chipset motherboards are still waiting for their turn under the spanner.

LogoFAIL is a crafty little blighter that slips in before your system boots, bypassing your trusty anti-malware tools. It targets the BIOS's customisable images during the DXE phase, sneaking in a bootkit while your CPU and OS are none the wiser.

The trouble's brewing from firmware across the board, with each BIOS vendor stirring their own flavour of image parsers into the mix. Insyde's got a smorgasbord of image formats in its BmpDecoderDxe module, AMI's serving up parsers in the AMITSE DXE module, and Phoenix is dishing out its SystemImageDecoderDxe module, ready to tackle BMPs, GIFs, and JPEGs.

The US National Institute of Standards and Technology (NIST) has stamped LogoFAIL with its seal of disapproval, listing it in the National Vulnerable Database under CVE-2023-40238. This isn't just a storm in a teacup for component manufacturers; OEM motherboards are feeling the heat, too, with a Lenovo ThinkCentre M720s powered by an 11th-gen Intel CPU caught in the crossfire.

 

Last modified on 11 April 2024
Rate this item
(2 votes)

Read more about: