Intel Motherboard Vulnerability

Discussion in 'other security issues & news' started by Paul Wilders, Apr 26, 2002.

Thread Status:
Not open for further replies.
  1. Paul Wilders

    Paul Wilders Administrator

    Jul 1, 2001
    The Netherlands
    A security vulnerability in Intel's motherboard allows local attackers to choose the boot device even if does not have the BIOS password required for such alteration.

    Affected systems:
    * Intel D845HV / WN (tested on BIOS revisions P05-0022, P09-0035, P10-003:cool: and D845PT (tested on BIOS P01-0012) Pentium 4 motherboards

    If the user hits the F8 key during the POST, they are presented with a "Please select boot device" dialog, enabling them to boot off any bootable device in the PC (FDD, HDD, CDROM, Network, etc).

    This dialog is obtainable regardless of whether a Supervisor password has been set in the BIOS, and the "User Access Level" does not affect the user's ability to boot from an alternate device.

    This is obviously a concern to any administrator who does not want users to be able to boot from an alternate device, as this could enable different software / OS to be installed, it enables boot sector viral infection, and can give the user better access to the PC's file system.

    To stop the user from being able to boot off alternate devices, follow this procedure:

    Set a Supervisor password in the BIOS, and set the User access level to "No Access"

    In the BOOT options, Boot Device Priority, disable everything except the Hard Disk (as you normally would).

    In the Removable Drives and ATAPI CD-ROM Drives option, disable all shown devices. Also, disable any other hard drives that may be in the PC (other than the one you want to boot from).

    Save and Exit.

    The user can still press F8, and get the boot option dialogue with all available devices listed, but regardless of which device they select the PC will boot from the hard disk.

    Intel are working on a new BIOS release which will completely remove (or allow you to disable) the F8 option.


    source: securiteam
Thread Status:
Not open for further replies.