Home » Technology » Microsoft » Microsoft Blocks UEFI Boot Loaders That Can Bypass Secure Boot

Microsoft Blocks UEFI Boot Loaders That Can Bypass Secure Boot

Security researchers have criticized Microsoft for responding to the discovery of new vulnerabilities in the bootloader that could be exploited to gain control during the boot process. Microsoft simply blocked some UEFI bootloaders. With the new Patch Day August updates for Windows 10 and Windows 11, Microsoft has excluded three third-party UEFI bootloaders.

The vulnerabilities are in third-party bootloaders: Eurosoft Ltd. (CVE-2022-34301); New Horizon Datasys, Inc. (CVE-2022-34302); and Kidan’s CryptoPro Secure Disk (CVE-2022-34303). If the vulnerabilities are exploited, threat actors can bypass Secure Boot and ignore the security protocol used by OEMs and operating system vendors to ensure that boot loaders and UEFI drivers are authenticated with valid digital signatures.

Circumvention makes it possible to inject malicious code

Bypassing Secure Boot checks, threat actors can launch attacks, modify the operating system, disable security checks, and install backdoors.

Problem certificate authority

To Block these bootloaders is of course fundamentally good so that the security gaps cannot be exploited further. The problem with this can be seen with Microsoft and not just with the third-party providers – because previously Microsoft had simply signed the bootloader and thus issued them with a “certificate of no objection”. While the bootloaders in question are not Microsoft products, they are signed by the software giant’s UEFI Certificate Authority (CA).

According to the security researchers, the problem is that Microsoft signed the now-excluded (and other) bootloaders without a full code analysis. “These third parties submit their bootloaders to Microsoft for review, but different vendors have different levels of security,” said one of the researchers. Online magazine SearchSecurity. Consequently, engineered bootloaders can pass the Secure Boot test as they are signed by Microsoft. “It just checks if the code is what you expect on the system. It doesn’t check if the code is right or wrong”. In any case, Microsoft has yet to fix this fundamental flaw.