{"id":22741,"date":"2025-07-19T00:05:00","date_gmt":"2025-07-19T03:05:00","guid":{"rendered":"https:\/\/www.ethicalhacker.com.br\/site\/?p=22741"},"modified":"2025-07-15T18:08:47","modified_gmt":"2025-07-15T21:08:47","slug":"placas-mae-gigabyte-vulneraveis","status":"publish","type":"post","link":"https:\/\/www.ethicalhacker.com.br\/site\/2025\/07\/exploits\/placas-mae-gigabyte-vulneraveis\/","title":{"rendered":"Vulnerable Gigabyte motherboards"},"content":{"rendered":"\n<p data-start=\"44\" data-end=\"118\"><strong>Critical firmware flaws: Gigabyte motherboards vulnerable to bootkits<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"120\" data-end=\"196\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">Binarly researchers identified four serious vulnerabilities in the UEFI firmware of several Gigabyte motherboards. These flaws allow attackers with administrative privileges to implant <strong data-start=\"201\" data-end=\"245\">bootkits in System Management Mode (SMM)<\/strong>, a privileged space below the operating system, capable of bypassing protections such as Secure Boot<\/span>.<\/p>\n<p data-start=\"120\" data-end=\"196\">\u00a0<\/p>\n<p data-start=\"203\" data-end=\"241\"><strong>How the vulnerabilities work<\/strong><\/p>\n<p data-start=\"243\" data-end=\"280\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">The flaws discovered include:<\/span><\/p>\n<ul data-start=\"282\" data-end=\"402\">\n<li data-start=\"282\" data-end=\"362\">\n<p style=\"text-align: justify;\" data-start=\"284\" data-end=\"362\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\"><strong data-start=\"0\" data-end=\"33\" data-is-only-node=\"\">CVE\u20112025\u20117029 to CVE\u20112025\u20117026<\/strong>: flaws in SMI handlers that allow access to SMRAM, SMM privilege escalation and arbitrary writes to firmware RAM<\/span>.<\/p>\n<\/li>\n<li data-start=\"363\" data-end=\"402\">\n<p style=\"text-align: justify;\" data-start=\"365\" data-end=\"402\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">Combined, these flaws allow the installation of <strong data-start=\"50\" data-end=\"75\">persistent bootkits<\/strong> that survive operating system reinstalls and basic cleanup.<\/span><\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"404\" data-end=\"559\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">According to BleepingComputer, more than 240 models are affected (including regional variants)<\/span>. <span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">PCWorld notes that many boards do not receive UEFI updates because they are already out of support, which complicates remediation for the average user<\/span>.<\/p>\n<p>\u00a0<\/p>\n<p><strong>Heightened risks<\/strong><\/p>\n<ul data-start=\"594\" data-end=\"723\">\n<li data-start=\"594\" data-end=\"637\">\n<p data-start=\"596\" data-end=\"637\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\"><strong data-start=\"0\" data-end=\"25\" data-is-only-node=\"\">Secure Boot bypass<\/strong>: malicious code runs before the OS even starts, evading antivirus and EDR.<\/span><\/p>\n<\/li>\n<li data-start=\"638\" data-end=\"681\">\n<p data-start=\"640\" data-end=\"681\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\"><strong 
data-start=\"0\" data-end=\"25\" data-is-only-node=\"\">Advanced persistence<\/strong>: bootkits remain active, enabling silent backdoors, data collection and remote control.<\/span><\/p>\n<\/li>\n<li data-start=\"682\" data-end=\"723\">\n<p data-start=\"684\" data-end=\"723\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\"><strong data-start=\"0\" data-end=\"32\" data-is-only-node=\"\">Threat to the security chain<\/strong>: firmware tampering can undermine trust in software and operating systems.<\/span><\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p data-start=\"730\" data-end=\"776\"><strong>Gigabyte's response and recommended actions<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"778\" data-end=\"898\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">Gigabyte has published a security bulletin and has already released UEFI updates for about half of the identified models<\/span>. 
<span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">However, older boards will probably not receive patches, which calls for:<\/span><\/p>\n<ul data-start=\"900\" data-end=\"1122\">\n<li data-start=\"900\" data-end=\"944\">\n<p data-start=\"903\" data-end=\"944\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\"><strong data-start=\"0\" data-end=\"38\" data-is-only-node=\"\">Check the compatibility list<\/strong> on the official website.<\/span><\/p>\n<\/li>\n<li data-start=\"945\" data-end=\"989\">\n<p data-start=\"948\" data-end=\"989\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\"><strong data-start=\"0\" data-end=\"23\" data-is-only-node=\"\">Update the BIOS\/UEFI<\/strong> immediately, even on out-of-support models.<\/span><\/p>\n<\/li>\n<li data-start=\"990\" data-end=\"1034\">\n<p data-start=\"993\" data-end=\"1034\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\"><strong data-start=\"0\" data-end=\"32\" data-is-only-node=\"\">Replace obsolete hardware<\/strong>, since unpatched firmware is an ongoing risk.<\/span><\/p>\n<\/li>\n<li data-start=\"1035\" data-end=\"1079\">\n<p data-start=\"1038\" data-end=\"1079\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\"><strong data-start=\"0\" data-end=\"33\" data-is-only-node=\"\">Implement SMM monitoring<\/strong> or firmware scans (e.g. Binarly Risk Hunt).<\/span><\/p>\n<\/li>\n<li data-start=\"1080\" data-end=\"1122\">\n<p data-start=\"1083\" data-end=\"1122\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\"><strong data-start=\"0\" data-end=\"43\" data-is-only-node=\"\">Follow the defense-in-depth principle<\/strong>, combining firmware protection, encryption and endpoint solutions.<\/span><\/p>\n<\/li>\n<\/ul>\n<h3 data-start=\"1129\" data-end=\"1156\">\u00a0<\/h3>\n<p data-start=\"1129\" data-end=\"1156\"><strong>Overview and lessons learned<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"1158\" data-end=\"1197\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">This case reinforces a crucial point: <strong data-start=\"36\" data-end=\"93\">motherboard firmware is part of the attack surface<\/strong>, yet it is often neglected. 
SMM vulnerabilities expose the computer to risks even more serious than software ones and are possible vectors for persistent espionage, comparable to the rootkits of the past.<\/span><\/p>\n<p style=\"text-align: justify;\" data-start=\"1199\" data-end=\"1279\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">The Gigabyte situation recalls the scandal over rootkits on Sony CDs, highlighting the urgency of secure firmware development practices<\/span>.<\/p>\n<p data-start=\"1199\" data-end=\"1279\">\u00a0<\/p>\n<p data-start=\"1286\" data-end=\"1298\"><strong>Conclusion<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"1300\" data-end=\"1339\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">The firmware vulnerabilities in Gigabyte boards show the urgency of strict update and hardware replacement policies. Gigabyte's transparency and action are important, but insufficient for devices that are already obsolete. In sensitive environments, the only robust form of protection is to <strong data-start=\"295\" data-end=\"391\">combine proactive updating, specialized monitoring and disposal of vulnerable hardware<\/strong>, ensuring security from the deepest layer up to the end user.<\/span><\/p>\n<p data-start=\"1300\" data-end=\"1339\">\u00a0<\/p>\n<p data-start=\"1346\" data-end=\"1361\"><strong>References: <br \/><\/strong><\/p>\n<ul data-start=\"1363\" data-end=\"1615\">\n<li data-start=\"1363\" data-end=\"1447\">\n<p data-start=\"1366\" data-end=\"1447\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">Bill Toulas. 
<em data-start=\"13\" data-end=\"85\">Gigabyte motherboards vulnerable to UEFI malware bypassing Secure Boot<\/em>. BleepingComputer (14 Jul. 2025). Available at: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/gigabyte-motherboards-vulnerable-to-uefi-malware-bypassing-secure-boot\/\" target=\"_new\" rel=\"noopener noreferrer\" data-start=\"135\" data-end=\"375\" data-is-last-node=\"\">https:\/\/www.bleepingcomputer.com\/news\/security\/gigabyte-motherboards-vulnerable-to-uefi-malware-bypassing-secure-boot\/<\/a><\/span><\/p>\n<\/li>\n<li data-start=\"1448\" data-end=\"1532\">\n<p data-start=\"1451\" data-end=\"1532\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">Michael Crider. <em data-start=\"16\" data-end=\"84\">Hundreds of Gigabyte motherboards vulnerable to Secure Boot attack<\/em>. PCWorld (15 Jul. 2025). Available at: <a href=\"https:\/\/www.pcworld.com\/article\/2848942\/hundreds-of-gigabyte-motherboards-vulnerable-to-secure-boot-attack.html\" target=\"_new\" rel=\"noopener noreferrer\" data-start=\"125\" data-end=\"351\" data-is-last-node=\"\">https:\/\/www.pcworld.com\/article\/2848942\/hundreds-of-gigabyte-motherboards-vulnerable-to-secure-boot-attack.html<\/a><\/span><\/p>\n<\/li>\n<\/ul>\n\n\n","protected":false},"excerpt":{"rendered":"<p>Critical firmware flaws: Gigabyte motherboards vulnerable to bootkits Binarly researchers identified four serious vulnerabilities in the UEFI firmware of several Gigabyte motherboards. These flaws allow attackers with administrative privileges to implant bootkits in System Management Mode (SMM), a privileged space below the operating system, capable of bypassing protections such as Secure Boot. 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":22745,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[89,100,21,105],"tags":[],"class_list":["post-22741","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-basico","category-diversos","category-exploits","category-noticias"],"_links":{"self":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/22741","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/comments?post=22741"}],"version-history":[{"count":4,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/22741\/revisions"}],"predecessor-version":[{"id":22746,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/22741\/revisions\/22746"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media\/22745"}],"wp:attachment":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media?parent=22741"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/categories?post=22741"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/tags?post=22741"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}