New Delhi: The Indian government has issued a high-severity cybersecurity alert for Windows PC users, warning of serious vulnerabilities linked to certain motherboard chipsets used in widely deployed systems. The advisory, released by the Indian Computer Emergency Response Team (CERT-In) in December 2025, names motherboard platforms from major vendors including ASUS, MSI, Gigabyte, and
ASRock, as well as systems based on AMD platforms.
The warning affects potentially millions of personal and enterprise users, with the government urging immediate caution and system updates to mitigate the risk of exploitation.
Nature of the Vulnerability
According to the CERT-In bulletin dated December 24, 2025, the issue has been classified as high severity. The advisory explains that the vulnerability arises from weaknesses in how Direct Memory Access (DMA) protections are enforced during the early boot process.
“These vulnerabilities exist due to improper enforcement of DMA protections during the early boot phase, which could allow a local attacker with physical access to exploit a malicious PCIe device to gain unauthorised access to system memory before the operating system loads.”
Because the exploit occurs before the operating system becomes active, traditional OS-level security controls may not detect or prevent the attack.
Why the Alert Matters
Windows PCs form the backbone of daily computing across homes, enterprises, and critical business environments. While such hardware-level vulnerabilities are often associated with enterprise threats, CERT-In cautioned that regular consumers are equally exposed, particularly in scenarios involving shared or unattended systems.
Security experts note that attacks requiring physical access are less common—but when they occur, the impact can be severe due to the low-level nature of the exploit.
Affected Motherboard Platforms
CERT-In listed the following motherboard families as impacted:
- ASRock motherboards using Intel 500, 600, 700, and 800 series
- ASUS motherboards using Intel Z490, W480, B460, H410, Z590, B560, H510, Z690, B660, W680, Z790, B760, and W790 series
- Gigabyte motherboards using Intel Z890, W880, Q870, B860, H810, Z790, B760, Z690, Q670, B660, H610, and W790 series
- AMD-based platforms using X870E, X870, B850, B840, X670, B650, A620, and A620A series
- MSI motherboards using Intel 600 and 700 series
What Users Should Do
CERT-In said the affected manufacturers have already been informed of the risks, and security patches are available. Users running systems with any of the listed motherboards are advised to:
- Visit the official support page of the motherboard manufacturer
- Download and install the latest BIOS or firmware updates
- Avoid connecting unknown or untrusted PCIe devices to their systems
A Rare but Serious Warning
Large-scale security advisories targeting PC chipsets and motherboards are uncommon. When they do surface—especially from a government cyber agency—they warrant immediate attention.
Cybersecurity experts stress that this alert should not be ignored, as hardware-level vulnerabilities can bypass many conventional security safeguards. With the advisory coming directly from CERT-In, users are strongly encouraged to act promptly and ensure their systems are fully updated.
