ESET Identifies Vulnerability That Bypasses UEFI Secure Boot


Critical UEFI Vulnerability Discovered: CVE-2024-7344 Allows Bypass of Secure Boot

Critical UEFI Vulnerability Exposed: Millions of Systems at Risk

ESET researchers have uncovered a serious vulnerability affecting the majority of UEFI-based systems, allowing malicious actors to bypass UEFI Secure Boot protections. Identified as CVE-2024-7344, the flaw was found in a UEFI application signed by Microsoft’s “Microsoft Corporation UEFI CA 2011” certificate. This loophole lets untrusted code execute during system boot, potentially enabling the deployment of harmful UEFI bootkits like Bootkitty and BlackLotus on systems that have Secure Boot enabled, regardless of the underlying operating system.

ESET reported the vulnerability to the CERT Coordination Center (CERT/CC) in June 2024, which led to successful contact with the impacted vendors. By January 14, 2025, Microsoft had revoked the vulnerable binaries during the Patch Tuesday update and provided fixes across affected products.

The UEFI application in question is part of several real-time system recovery software suites from various developers, including Howyar Technologies and Signal Computer GmbH. ESET researcher Martin Smolár expressed concern about the increasing number of UEFI vulnerabilities, stating, “This incident raises questions about the overall security practices among third-party UEFI software vendors.”

The risk posed by CVE-2024-7344 isn’t confined to systems running the affected recovery software. Attackers could exploit any UEFI system that trusts the Microsoft third-party certificate by loading their own harmful binaries, provided they have the elevated privileges required for deployment.

To mitigate the threat, users are urged to ensure their systems have the latest UEFI revocations from Microsoft. Automatic updates should safeguard Windows systems, while Linux users can access updates through the Linux Vendor Firmware Service. Microsoft’s advisory on the vulnerability offers further guidance for affected users, emphasizing the continued need for vigilance in UEFI security.
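One way to confirm that revocations have actually reached a machine is to read the Secure Boot forbidden-signature database (dbx) and look for the expected hashes. The following is an added example, not code from ESET or Microsoft; it assumes a Linux host with efivarfs mounted, and the digests it uses are constructed placeholders because this page does not list the revoked hashes.

```python
import struct
import uuid
from pathlib import Path

# Standard identifiers from the UEFI specification.
DBX_PATH = Path("/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")

def dbx_sha256_hashes(data: bytes) -> set[str]:
    """Return every SHA-256 entry in a raw dbx payload (array of EFI_SIGNATURE_LIST)."""
    hashes, off = set(), 0
    while off + 28 <= len(data):
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        # Reject malformed lists instead of looping forever or reading past the end.
        if list_size < 28 + hdr_size or off + list_size > len(data):
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {off}")
        if sig_type == EFI_CERT_SHA256_GUID and sig_size == 16 + 32:
            pos = off + 28 + hdr_size
            while pos + sig_size <= off + list_size:
                # Each entry: 16-byte SignatureOwner GUID, then the 32-byte digest.
                hashes.add(data[pos + 16:pos + sig_size].hex())
                pos += sig_size
        off += list_size  # other list types (e.g. X.509) are skipped
    return hashes

def read_dbx(path: Path = DBX_PATH) -> bytes:
    """Read dbx from efivarfs; the first 4 bytes are variable attributes, not data."""
    return path.read_bytes()[4:]

def missing_revocations(dbx: bytes, required: set[str]) -> set[str]:
    """Hashes that should be revoked but are absent from dbx."""
    return {h.lower() for h in required} - dbx_sha256_hashes(dbx)

def build_sample_dbx(digests: list[bytes]) -> bytes:
    """Constructed test input: one SHA-256 signature list with a zero owner GUID."""
    body = b"".join(bytes(16) + d for d in digests)
    return EFI_CERT_SHA256_GUID.bytes_le + struct.pack("<III", 28 + len(body), 0, 48) + body

if __name__ == "__main__":
    # Constructed digests stand in for the revoked binaries' Authenticode SHA-256
    # hashes; take the real values from the vendor advisory.
    revoked, other = bytes([0xAA]) * 32, bytes([0xBB]) * 32
    sample = build_sample_dbx([other])
    print("missing from sample dbx:", missing_revocations(sample, {revoked.hex()}))
    if DBX_PATH.exists():
        print("SHA-256 entries in this machine's dbx:", len(dbx_sha256_hashes(read_dbx())))
```

A non-empty result from `missing_revocations` means the listed hashes are not yet blocked on that machine, so the revocation update has not been applied there.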
