
John Mathews enhanced firmware security and reliability in the microsoft/mu_basecore repository by addressing a critical vulnerability in the SMM path. He fixed CVE-2025-3770 through targeted assembly changes, implementing safe handling of the Interrupt Descriptor Table (IDT) register on SMM entry and delaying Machine Check Event (MCE) enablement until after the SMM IDT was reloaded. This approach prevented issues related to uninitialized IDT limits and improved the robustness of the SMM entry process. Leveraging his expertise in low-level programming, security, and system programming, John’s work ensured consistent hardening of the UefiCpuPkg/PiSmmCpuDxeSmm stack without introducing regressions.

May 2025 monthly summary for microsoft/mu_basecore, focused on strengthening firmware security and reliability in the SMM path. Delivered a critical vulnerability mitigation for CVE-2025-3770 by implementing safe SMM IDT handling and delaying Machine Check Event (MCE) enablement until the SMM IDT is reloaded. The patch includes targeted assembly changes to support register manipulation. This work was applied via a cherry-pick to ensure consistent hardening in the UefiCpuPkg/PiSmmCpuDxeSmm stack.