Should I worry?

[Edward78]

The board I have they have no updte to patch it.

[YoungBlade]

6 minutes ago, Edward78 said:

The board I have they have no updte to patch it.

It's of moderate concern.

 

Theoretically, it seems like this can be executed from a userland program if it is given elevated permissions. So if you get a malicious piece of software, and you hit "Yes" on the UAC prompt asking for administrative permissions, this could affect you. 

 

In theory, anything without admin permissions shouldn't be able to modify the code in UEFI. I don't know enough to say that Windows doesn't have some workaround for that limitation, but this shouldn't be possible to do with a drive-by piece of code from just viewing a website in a normal browser.

 

It is a serious issue if your board is compromised, as there's no guarantee that even a BIOS flash will fix this, so yeah, the board basically useless at that point, at least if connected to the Internet, because an attacker can hijack your system. You could use it offline as like a retro gaming box, or HTPC, probably. If you know how to isolate it properly, maybe you can have it serve some purpose, but I wouldn't trust it for anything mission critical, and I would not let it interact with other computers on your network.

[Levent]

I dont feel like watching that video but from the links they posted, it might be gigabyte intel SMMRAM thing Intel boards had. If you are talking about the board in your signature, that shouldnt impact you.

[FilipposTechGR]

22 minutes ago, Edward78 said:

The board I have they have no updte to patch it.

If your board vendor hasn’t released a patch yet, I wouldn’t panic. A lot of these low-level exploits are pretty hard to pull off unless someone has direct access to your system. Just keep your OS and other software up to date, and keep an eye if the manufacturer releases a BIOS update later.

[Sauron]

3 minutes ago, YoungBlade said:

So if you get a malicious piece of software, and you hit "Yes" on the UAC prompt asking for administrative permissions, this could affect you. 

I can think of few scenarios where this would not end poorly anyway. I'd classify this as pretty low risk for general users.

[YoungBlade]

1 minute ago, Sauron said:

I can think of few scenarios where this would not end poorly anyway. I'd classify this as pretty low risk for general users.

It probably would still be fine, but it could end badly. What concerns me is that it's theoretically possible to do this without in-person access to the computer. It's a way bigger threat to users than similarly bad vulnerabilities in the past that required physical access to the hardware.

 

I guess in the grand scheme of things, the risk is still low. In a sense, nothing changes, as you should never be giving admin permissions to untrusted software regardless of whether this specific vulnerability exists.

[Edward78]

2 hours ago, Levent said:

I dont feel like watching that video but from the links they posted, it might be gigabyte intel SMMRAM thing Intel boards had. If you are talking about the board in your signature, that shouldnt impact you.

Thanks.