Critical UEFI Vulnerability Discovered: CVE-2024-7344 Allows Bypass of Secure Boot
Critical UEFI Vulnerability Exposed: Millions of Systems at Risk
ESET researchers have uncovered a serious vulnerability affecting the majority of UEFI-based systems, allowing malicious actors to bypass UEFI Secure Boot protections. Identified as CVE-2024-7344, the flaw was found in a UEFI application signed by Microsoft’s “Microsoft Corporation UEFI CA 2011” certificate. This loophole lets untrusted code execute during system boot, potentially enabling the deployment of harmful UEFI bootkits like Bootkitty and BlackLotus on systems that have Secure Boot enabled, regardless of the underlying operating system.
ESET reported the vulnerability to the CERT Coordination Center (CERT/CC) in June 2024, and CERT/CC coordinated disclosure with the affected vendors. On January 14, 2025, Microsoft revoked the vulnerable binaries as part of its Patch Tuesday update and shipped fixes across the affected products.
The UEFI application in question is part of several real-time system recovery software suites from various developers, including Howyar Technologies and Signal Computer GmbH. ESET researcher Martin Smolár expressed concern about the increasing number of UEFI vulnerabilities, stating, “This incident raises questions about the overall security practices among third-party UEFI software vendors.”
The risk posed by CVE-2024-7344 isn’t confined to systems running the affected recovery software. Attackers could exploit any UEFI system that trusts Microsoft’s third-party UEFI CA by deploying the harmful binaries themselves, provided they already hold the elevated privileges required to do so.
To mitigate the threat, users are urged to ensure their systems have applied the latest UEFI revocations (DBX updates) from Microsoft. Windows systems should receive them through automatic updates, while Linux users can obtain them through the Linux Vendor Firmware Service (LVFS). Microsoft’s advisory on the vulnerability offers further guidance for affected users, emphasizing the continued need for vigilance in UEFI security.
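The revocations mentioned above land in the firmware's forbidden-signature database (DBX), which is a chain of EFI_SIGNATURE_LIST structures. The following is an added example, not code from ESET or Microsoft, that parses that format and reports whether a given PE image hash is revoked; it assumes the Linux efivarfs path for the dbx variable and takes the hash values to look up (for instance those published in Microsoft's advisory, which are not reproduced here) as command-line arguments.

```python
import struct
import sys
import uuid
from pathlib import Path

# Signature-type GUIDs from the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# efivarfs path of the forbidden-signature database (assumed; first 4 bytes are attributes).
DBX_EFIVAR = Path("/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f")
HDR = 28  # EFI_SIGNATURE_LIST header: SignatureType GUID + three UINT32 size fields

def parse_signature_lists(data: bytes):
    """Yield (signature_type, signature_data) for every EFI_SIGNATURE_DATA entry."""
    off = 0
    while off + HDR <= len(data):
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < HDR or off + list_size > len(data) or sig_size <= 16:
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {off}")
        entries = data[off + HDR + hdr_size:off + list_size]
        for i in range(0, len(entries) - sig_size + 1, sig_size):
            # EFI_SIGNATURE_DATA = SignatureOwner GUID (16 bytes) + SignatureData
            yield sig_type, entries[i + 16:i + sig_size]
        off += list_size

def dbx_sha256_hashes(dbx: bytes) -> set[str]:
    """Hex SHA-256 digests of PE images forbidden by this DBX blob."""
    return {sig.hex() for t, sig in parse_signature_lists(dbx) if t == EFI_CERT_SHA256_GUID}

def is_hash_revoked(dbx: bytes, sha256_hex: str) -> bool:
    return sha256_hex.lower() in dbx_sha256_hashes(dbx)

def build_sha256_list(hashes: list[bytes], owner: uuid.UUID = uuid.UUID(int=0)) -> bytes:
    """Encode one EFI_SIGNATURE_LIST of SHA-256 entries (used to build constructed sample input)."""
    body = b"".join(owner.bytes_le + h for h in hashes)
    return EFI_CERT_SHA256_GUID.bytes_le + struct.pack("<III", HDR + len(body), 0, 48) + body

if __name__ == "__main__":
    dbx = DBX_EFIVAR.read_bytes()[4:]  # drop the efivarfs attribute word
    hashes = dbx_sha256_hashes(dbx)
    certs = sum(1 for t, _ in parse_signature_lists(dbx) if t == EFI_CERT_X509_GUID)
    print(f"DBX: {len(hashes)} SHA-256 image hashes, {certs} X.509 certificates")
    for h in sys.argv[1:]:  # hashes to look up, e.g. the ones listed in the vendor advisory
        print(h, "REVOKED" if is_hash_revoked(dbx, h) else "not in DBX")
```

Reading the variable requires root; if the advisory's hashes are reported as "not in DBX", the revocation update has not been applied to that machine.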