Gigabyte starts to roll out fix for UEFI vulnerability affecting all its recent motherboards
Gigabyte's UEFI contains code to automatically download and install firmware updates without user intervention. Unfortunately, the feature has some very weak security, which allows the possibility of exploitation by bad actors.
https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/
Gigabyte have responded to security researchers Eclypsium by announcing several fixes for boards containing their four leading chipsets.
https://www.gigabyte.com/Press/News/2091
Ironically, the updates will use the existing flaw to fix themselves!
The lesson here is that the UEFI environment allows manufacturers to incorporate processes that run in the background without end-user intervention (or even their knowledge). It's difficult to secure your premises when you don't know where all the doors are!