ESET Identifies Vulnerability That Bypasses UEFI Secure Boot

Regional
ESET Identifies Vulnerability That Bypasses UEFI Secure Boot

Published:

Written by: Staff Editor
spot_img

Critical UEFI Vulnerability Discovered: CVE-2024-7344 Allows Bypass of Secure Boot

Critical UEFI Vulnerability Exposed: Millions of Systems at Risk

ESET researchers have uncovered a serious vulnerability affecting the majority of UEFI-based systems, allowing malicious actors to bypass UEFI Secure Boot protections. Identified as CVE-2024-7344, the flaw was found in a UEFI application signed by Microsoft’s “Microsoft Corporation UEFI CA 2011” certificate. This loophole lets untrusted code execute during system boot, potentially enabling the deployment of harmful UEFI bootkits like Bootkitty and BlackLotus on systems that have Secure Boot enabled, regardless of the underlying operating system.

ESET alerted the CERT Coordination Center (CERT/CC) about the vulnerability in June 2024, leading to successful communication with impacted vendors. By January 14, 2025, Microsoft had revoked the vulnerable binaries during the Patch Tuesday update and provided fixes across affected products.

The UEFI application in question is part of several real-time system recovery software suites from various developers, including Howyar Technologies and Signal Computer GmbH. ESET researcher Martin Smolár expressed concern about the increasing number of UEFI vulnerabilities, stating, “This incident raises questions about the overall security practices among third-party UEFI software vendors.”

The risk posed by CVE-2024-7344 isn’t confined to systems running the affected recovery software. Attackers could exploit any UEFI system with the Microsoft third-party certificate by loading their own harmful binaries, provided they possess elevated privileges required for deployment.

To mitigate the threat, users are urged to ensure their systems have the latest UEFI revocations from Microsoft. Automatic updates should safeguard Windows systems, while Linux users can access updates through the Linux Vendor Firmware Service. Microsoft’s advisory on the vulnerability offers further guidance for affected users, emphasizing the continued need for vigilance in UEFI security.

spot_img

Related articles

Recent articles

Building Blocks of Leadership: The Intelligent CISO’s Skills

Regional
Building Resilient Security Teams: Insights for CISOs In today’s fast-paced digital landscape, the role of Chief Information Security Officers (CISOs) has evolved dramatically. With the...
Read more

Breaking: Salvation Army Targeted in Suspected Ransomware Attack

Global
Ransomware Attack Allegedly Targets The Salvation Army Introduction to the Incident Reports have emerged regarding a possible ransomware attack on The Salvation Army, a well-known international...
Read more

Alghanim Industries Partners with Starlink for a Borderless Digital Future

Knowledge Hub
Bridging the Digital Divide: Alghanim Industries Partners with Starlink In a groundbreaking move towards a borderless digital future, Alghanim Industries has entered into a strategic...
Read more

Addressing Rising Youth Suicide Rates: The Urgent Call to Action

Dark Watch
Understanding Youth Mental Health in New Zealand: A Concerning Status Quo New Zealand consistently finds itself in conversations about youth mental health, often for troubling...
Read more
Sign up to the Newsletter and never miss out on the latest news!
Join the Cyber Warriors community and get Insider Tips & Tricks to defend your digital assets.

© Cyberwarriorsmiddleeast.com