Carnegie Mellon University’s Computer Emergency Response Team (CERT) has issued a security bulletin regarding a vulnerability found in many BIOS firmware implementations. If exploited, an attacker would have the ability to flash your motherboard’s BIOS.

x86-based computers employ a number of security measures to protect the BIOS from attacks, one such measure being write protection. A chipset’s register includes a pair of bits that either enable or disable write protection. When the bit is on, BIOS write protection is enabled; when it’s off, it’s disabled.

The default state of the bit is disabled. When a system is turned on, it’s up to the BIOS to enable write protection. The issue arises when a system is put into sleep mode.

This mode is treated like a system reset which sets the write protection state to disabled. As mentioned, the bit is set to "on" during a normal startup but when waking from sleep, there’s no mechanism to set the bit back to enabled and thus, write protection remains disabled.

CERT points out that devices from Apple and Dell are both impacted by the flaw. Apple began issuing updates to correct the matter on June 30 while Dell has provided CERT with a list of vulnerable devices. It also lists a number of other PC makers although their status is as unknown as of writing.

The best course of action at this point is to check with your motherboard vendor to make sure you have the latest firmware updates (and to keep checking back if the issue hasn’t yet been addressed by your board maker).

Image courtesy Tom's Hardware