Major UEFI Flaw Enables Game Cheats On ASUS, ASRock, Gigabyte & MSI Motherboards

Players of Riot Games on the PC are familiar with the Vanguard kernel-level anti-cheat software by now. However, even with it installed and updated, gamers may have received a notice that their system is restricted from launching the popular game Valorant. This isn't an accident—per a blog post from Riot Games, a key vulnerability in modern UEFI firmware still left space open during boot-up before the system's memory could be secured by anti-cheat. The Vanguard research team realized that this vulnerability could be used by cheating software or other bad actors, and thus contacted ASUS, Gigabyte, MSI, and ASRock to collaborate on comprehensive BIOS updates across all the major motherboard makers. Each vendor also posted their own Security Advisory, but the discovery is ultimately the Vanguard research team's.

The exact nature of the vulnerability is this: Modern systems have something called Pre-Boot DMA (Direct Memory Access) Protection, which utilizes the IOMMU (Input-Output-Memory Management Unit) to prevent unauthorized devices from attempting to access memory during the boot process, before the operating system or even a kernel-level anti-cheat like Vanguard could load. If Pre-Boot DMA Protection isn't working properly for any reason, kernel-level hardware security measures become effectively useless.


As Riot describes it, the issue with this feature on a number of motherboards is that while the setting was enabled, the IOMMU was not being fully initialized, which meant "the bouncer appeared to be on duty, but was actually asleep in the chair". Fortunately, this vulnerability was discovered earlier this year, and remain on background up until now, while Riot worked with the four aforementioned motherboard manufacturers to ship BIOS updates to affected boards. So, all you should need to do is go to your respective motherboard manufacturer's site and grab the latest BIOS update. ASUS, Gigabyte, MSI, and ASRock have all posted security advisories with links to the updates you should need.

At time of this publication, it would seem that users of UEFI-enabled motherboards too old to receive these updates shouldn't need to worry about being unable to play Valorant without an update, which they will likely not receive, as long as their boards already support TPM 2.0 and Secure Boot. Since I'm actually one of those people, I'll be installing Valorant just to verify whether or not this is the case on my Gigabyte Z490I Aorus Ultra motherboard, which has modern UEFI features, but was not included or mentioned in this update wave.

Update: Having now tested it, I can confirm Valorant works on my motherboard which was not included in these patches. This is either because older TPM 2.0/Secure Boot motherboards are unaffected by this exploit, or Vanguard will only flag this issue for "certain players" who exhibit suspicious activity in some way.