Vanguard tightens boot checks as BIOS flaw exposes pre-boot DMA gap

Table of Content

Riot Games has outlined a new anti-cheat enforcement step for VALORANT after uncovering a critical pre-boot vulnerability across multiple motherboard vendors. The flaw impacts how systems initialize memory protection during the earliest stage of startup, potentially opening a brief window for DMA-based hardware cheats to inject code out of sight. Riot’s Vanguard will begin stricter boot security checks for certain players and block game launch on affected systems until protections are verified.

The company says motherboard makers have prepared BIOS/UEFI firmware updates to close the gap. Players who trip Vanguard’s checks will see a VAN:Restriction prompt explaining what must be enabled or updated before returning to play.

What Riot found – and why it matters

At power-on, firmware loads before the operating system – anything that initializes earlier typically has higher privilege. DMA cheat devices exploit this by accessing memory directly, bypassing the OS. Modern defenses rely on the IOMMU and the setting often labeled Pre-Boot DMA Protection to fence off memory from unauthorized devices from the first milliseconds of boot.

Riot’s research identified cases where firmware reported Pre-Boot DMA Protection as enabled while IOMMU was not correctly initialized during early boot. The result: a small but significant window where a sophisticated DMA device could inject code before security systems and the OS fully take control.

How Vanguard will respond

Vanguard is designed to establish a trusted perimeter around the Windows kernel as early as possible. If the system’s early-boot protections are not actually active, Vanguard cannot guarantee integrity. In these cases, it will apply a VAN:Restriction and prevent VALORANT from launching until the required conditions are met.

According to Riot, restrictions can be applied at the account or HWID level when it detects suspicious hardware behavior or statistical anomalies consistent with bypassed security features. A restriction does not automatically imply cheating – it indicates a risky configuration similar to known cheat setups.

What affected players need to do

• Update motherboard BIOS/UEFI to the latest version provided by the manufacturer.
• Enable platform security features such as Pre-Boot DMA Protection, Secure Boot, Virtualization-Based Security (VBS), and IOMMU if supported.
• Reboot and verify the restriction prompt is cleared before launching VALORANT.

Riot is also considering rolling this requirement out to all players at the highest competitive tiers – Ascendant and above – to ensure a consistent security baseline at the top of the ladder.

Vendor advisories and identifiers

Motherboard makers have published security notes acknowledging the issue and releasing fixes. Below is a concise summary. Installing the latest firmware is required to ensure protections are active from the first moment of boot.

Advisory overview – motherboard firmware fixes

Read also our article: DRAGON BALL Z KAKAROT DAIMA: what’s in Demon Realm Pack Part 2

What this closes off for cheat developers

By ensuring IOMMU and related safeguards initialize from the very start of boot, the pre-OS injection path for DMA hardware cheats is significantly reduced. Riot says this raises the barrier for an entire class of previously resilient cheats and helps keep them from hiding before Vanguard activates.

Final takeaway – what players should expect

If Vanguard flags your system, it means early-boot security is not verifiably active. Apply the latest BIOS/UEFI, enable the required protections, and restart. For competitive players – especially those in Ascendant-and-above brackets – expect tighter boot integrity checks to become part of the standard security baseline. The goal is straightforward: reduce pre-boot cheat vectors and keep matches fair.