ESET Identifies Vulnerability That Bypasses UEFI Secure Boot

Published:

spot_img

Critical UEFI Vulnerability Discovered: CVE-2024-7344 Allows Bypass of Secure Boot

Critical UEFI Vulnerability Exposed: Millions of Systems at Risk

ESET researchers have uncovered a serious vulnerability affecting the majority of UEFI-based systems, allowing malicious actors to bypass UEFI Secure Boot protections. Identified as CVE-2024-7344, the flaw was found in a UEFI application signed by Microsoft’s “Microsoft Corporation UEFI CA 2011” certificate. This loophole lets untrusted code execute during system boot, potentially enabling the deployment of harmful UEFI bootkits like Bootkitty and BlackLotus on systems that have Secure Boot enabled, regardless of the underlying operating system.

ESET alerted the CERT Coordination Center (CERT/CC) about the vulnerability in June 2024, leading to successful communication with impacted vendors. By January 14, 2025, Microsoft had revoked the vulnerable binaries during the Patch Tuesday update and provided fixes across affected products.

The UEFI application in question is part of several real-time system recovery software suites from various developers, including Howyar Technologies and Signal Computer GmbH. ESET researcher Martin Smolár expressed concern about the increasing number of UEFI vulnerabilities, stating, “This incident raises questions about the overall security practices among third-party UEFI software vendors.”

The risk posed by CVE-2024-7344 isn’t confined to systems running the affected recovery software. Attackers could exploit any UEFI system with the Microsoft third-party certificate by loading their own harmful binaries, provided they possess elevated privileges required for deployment.

To mitigate the threat, users are urged to ensure their systems have the latest UEFI revocations from Microsoft. Automatic updates should safeguard Windows systems, while Linux users can access updates through the Linux Vendor Firmware Service. Microsoft’s advisory on the vulnerability offers further guidance for affected users, emphasizing the continued need for vigilance in UEFI security.

spot_img

Related articles

Recent articles

TCS Strengthens Digital Infrastructure as Technology Partner for New Terminal One at JFK Airport

TCS Strengthens Digital Infrastructure as Technology Partner for New Terminal One at JFK Airport The New Terminal One at John F. Kennedy International Airport (JFK)...

Enterprise Events Transform: Key Trends Shaping 2027

Enterprise Events Transform: Key Trends Shaping 2027 As the landscape of enterprise events evolves, the focus is shifting from traditional formats to more interactive, knowledge-driven...

EU Accelerates Review of Social Media Age Limits Following Child Safety Report

EU Accelerates Review of Social Media Age Limits Following Child Safety Report The European Commission is advancing toward the implementation of new measures aimed at...

Spire Solutions Advances Cyber Resilience in MEA with E-7 Cyber’s BlindSpot Platform Partnership

Spire Solutions Advances Cyber Resilience in MEA with E-7 Cyber’s BlindSpot Platform Partnership Spire Solutions has forged a strategic distribution partnership with E-7 Cyber, aimed...