On December 18, 2025, Riot Games published a security update detailing the discovery of a critical flaw affecting a variety of modern motherboards, which could allow hardware-based cheats to inject code before Windows loads, and therefore potentially before Vanguard can respond. As a result, the anti-cheat will begin enforcing stricter checks related to boot security for certain players, with access potentially blocked via VAN:Restriction if the motherboard firmware is not up to date.

A pre-boot window that cheaters can exploit

Riot reiterates a straightforward principle: during startup, components loaded first operate with greater privileges than those loaded later, including the operating system, which creates an opportunity for "pre-boot" attacks to conceal themselves very early in the boot chain. The core of this update concerns the IOMMU, a hardware security mechanism used, among other things, to counter cheats relying on Direct Memory Access (DMA), devices capable of reading or writing system memory directly while bypassing both the CPU and Windows.

Riot explains that the Pre-Boot DMA Protection feature is intended to enable the IOMMU extremely early; however, certain firmware implementations allegedly reported to the operating system that the protection was active even though the IOMMU had not been correctly initialized at the very beginning of the boot process. The upshot is that a brief window could be sufficient for a sophisticated hardware cheat to inject "invisible" code before Vanguard comes online. Riot adds that it shared its findings with hardware partners, who validated the issue and produced comprehensive BIOS updates designed to close this gap.

Riot's request for affected players

Practically speaking, Riot says Vanguard will soon begin enforcing these strengthened boot-time checks for some players. If a system is deemed “untrusted” because of this situation, Vanguard may trigger a VAN:Restriction, preventing VALORANT from launching and displaying what must be enabled or updated to play again.

Riot also clarifies that receiving such a warning does not automatically mean a player is cheating. The aim is to enforce a “minimum security baseline,” since some configurations can too closely resemble those used to bypass protections. Riot also says it is considering rolling this requirement out to all players at the highest tiers (Ascendant and above) to ensure a trusted baseline at the top of the ladder.

On the support side, Riot recommends following the manufacturer’s official guidance to update the BIOS/firmware if a motherboard-related message appears. Finally, the north-american editor acknowledges that BIOS updates are not especially exciting, but frames the change as a necessary step in the fight against hardware cheating, intended to close a loophole that could have significantly undermined existing DMA defenses beyond Riot’s own games.