MSI Motherboard SMM Memory Corruption Vulnerability
CVE-2024-36877
Certain Micro-Star International (MSI) motherboards have a buffer overflow vulnerability which allows an attacker to execute arbitrary code.
The FirmGuard Blog
CVE-2024-36877
Certain Micro-Star International (MSI) motherboards have a buffer overflow vulnerability which allows an attacker to execute arbitrary code.
CVE-2024-8105
The Binarly Research Team recently published a report about the firmware vulnerability PKfail. Because of this vulnerability, certain devices shipped with insecure Platform Keys (PK). These keys are used in a test/development environment and were not intended to be shipped with a production-ready device.
MSPs looking to offer compliance services should begin by understanding their clients’ specific needs and identifying relevant standards, such as NIST SP-800-88 for media sanitization. By providing services like endpoint erasure, MSPs can help clients safely dispose of sensitive data, offering a compliant and valuable solution.
FirmGuard enhances MSP technician efficiency by offering tools like SecureConfig, SecureWipe, and SecureSense, which streamline various critical tasks. SecureConfig allows remote BIOS updates, SecureWipe securely erases endpoint drives with a Certificate of Erasure, and SecureSense provides detailed endpoint information, all contributing to significant time savings and increased productivity.
In August 2012, Saudi Aramco experienced a massive cyberattack through the Shamoon virus, which exploited BIOS firmware vulnerabilities to render 35,000 endpoints useless, highlighting the critical need for firmware security solutions like FirmGuard.
SecureWipe by FirmGuard is the best choice for endpoint data erasure, offering a balanced solution that supports critical use cases like stolen devices, without the compromises of Windows Reset or physical destruction.
UEFI BIOS firmware attacks, such as BlackLotus, pose serious threats by bypassing Windows Secure Boot and allowing rogue operating systems to launch, compromising endpoints. FirmGuard can detect these issues and alert MSP admins, who can then take corrective action before any damage occurs.
SecureBeat links the FirmGuard endpoint agent and Cloud Server via a secure, encrypted tunnel, supporting features like SecureCheck, SecureConfig, SecureWipe, and SecureSense.
SecureSense offers comprehensive details about each individual endpoint, including system, CPU, memory, storage, and more. This information forms the foundation for FirmGuard’s analysis of endpoint health, status, and security posture. Additionally, SecureSense data fuels the FirmGuard dashboard and reporting engine, and when combined with other FirmGuard metrics, it creates an unparalleled platform for managing various endpoint aspects, including BIOS firmware security.
The US government warned the IT industry about UEFI firmware-based attacks via a CISA blog post. UEFI, a critical BIOS firmware in devices, can be exploited for persistent access by attackers. This malware can survive resets and hard drive replacements, posing a severe threat.
Phoenix Technologies
Corporate Headquarters:
2105 S. Bascom Avenue
Suite 316
Campbell, CA 95008-3295
Toll Free: 1-800-677-7305
Tel: +1-408-570-1000
Who We Serve
Solutions
Resources
Company
Copyright © 2025. FirmGuard
BIOS firmware security
Remote BIOS configuration
Remote BIOS update
Remote endpoint drive erasure
Remotely reimage an endpoint
Display endpoint system information
Monitor endpoint connectivity