ESET Identifies Vulnerability That Bypasses UEFI Secure Boot

Regional
ESET Identifies Vulnerability That Bypasses UEFI Secure Boot

Published:

Written by: Staff Editor
spot_img

Critical UEFI Vulnerability Discovered: CVE-2024-7344 Allows Bypass of Secure Boot

Critical UEFI Vulnerability Exposed: Millions of Systems at Risk

ESET researchers have uncovered a serious vulnerability affecting the majority of UEFI-based systems, allowing malicious actors to bypass UEFI Secure Boot protections. Identified as CVE-2024-7344, the flaw was found in a UEFI application signed by Microsoft’s “Microsoft Corporation UEFI CA 2011” certificate. This loophole lets untrusted code execute during system boot, potentially enabling the deployment of harmful UEFI bootkits like Bootkitty and BlackLotus on systems that have Secure Boot enabled, regardless of the underlying operating system.

ESET alerted the CERT Coordination Center (CERT/CC) about the vulnerability in June 2024, leading to successful communication with impacted vendors. By January 14, 2025, Microsoft had revoked the vulnerable binaries during the Patch Tuesday update and provided fixes across affected products.

The UEFI application in question is part of several real-time system recovery software suites from various developers, including Howyar Technologies and Signal Computer GmbH. ESET researcher Martin Smolár expressed concern about the increasing number of UEFI vulnerabilities, stating, “This incident raises questions about the overall security practices among third-party UEFI software vendors.”

The risk posed by CVE-2024-7344 isn’t confined to systems running the affected recovery software. Attackers could exploit any UEFI system with the Microsoft third-party certificate by loading their own harmful binaries, provided they possess elevated privileges required for deployment.

To mitigate the threat, users are urged to ensure their systems have the latest UEFI revocations from Microsoft. Automatic updates should safeguard Windows systems, while Linux users can access updates through the Linux Vendor Firmware Service. Microsoft’s advisory on the vulnerability offers further guidance for affected users, emphasizing the continued need for vigilance in UEFI security.

spot_img

Related articles

Recent articles

UAE Issues Urgent Warning as AI-Powered Cyberattacks Surge to 700,000 Daily

Regional
UAE Issues Urgent Warning as AI-Powered Cyberattacks Surge to 700,000 Daily The United Arab Emirates (UAE) is grappling with an alarming rise in cyber threats,...
Read more

AI Fuels ‘Industrial’ Cybercrime as Time-to-Exploit Plummets to 24-48 Hours

Global
AI Fuels ‘Industrial’ Cybercrime as Time-to-Exploit Plummets to 24-48 Hours The landscape of cybercrime has evolved dramatically, with industrialized methods now enabling attacks that are...
Read more

Dubai Police Strengthen Global Fight Against Fraud, Arrest 276 in Major International Operation

Dark Watch
Dubai Police Strengthen Global Fight Against Fraud, Arrest 276 in Major International Operation In a significant international enforcement initiative, Operation Tri-Force Sentinel, spearheaded by Dubai...
Read more

Symbolic Developments Boosts Homeownership with Jetour T2 SUV Offer for May Buyers of Zen Residences

Regional
Symbolic Developments Boosts Homeownership with Jetour T2 SUV Offer for May Buyers of Zen Residences In a strategic move to enhance the homebuying experience, Symbolic...
Read more