Technology

UEFI Secure Boot Flaw Puts Systems at Risk of Bootkits

Cybersecurity researchers have uncovered a critical flaw within a UEFI application, potentially leaving countless systems vulnerable to malicious bootkits. The vulnerability, identified by ESET, allows attackers to bypass UEFI Secure Boot—an essential security feature designed to ensure only trusted software runs during startup.

The Vulnerable UEFI Application

At the heart of the issue is an unnamed yet widely used UEFI application, reportedly part of several real-time system recovery software suites from multiple vendors. This application was signed with a vulnerable certificate and utilized a custom PE loader rather than the standard and secure UEFI functions, LoadImage and StartImage. This deviation enabled threat actors to execute untrusted code during the boot process, paving the way for the installation of bootkits capable of compromising even secured devices.

Worse still, ESET noted that the flaw, identified as CVE-2024-7344, affects all UEFI systems where Microsoft’s third-party UEFI signing is enabled. This vulnerability not only impacts devices with the recovery software installed but also allows malicious users to bring their own copies of the unsafe binary to any susceptible system.

Microsoft Responds

Luckily, Microsoft addressed the flaw with a fix included in its January 2025 Patch Tuesday cumulative update. Released on January 14, this update is vital for all Windows users. Security experts strongly recommend applying the patch immediately to mitigate risks.

A Concerning Pattern

While the swift introduction of a fix offers reassurance, ESET researchers highlight a more troubling trend. According to Martin Smolár, the researcher responsible for identifying the vulnerability, this is not the first instance of unsafe and signed UEFI binaries coming to light. The repeated discovery of these flaws raises critical questions about how third-party UEFI software vendors approach security and whether additional unidentified vulnerabilities exist in the ecosystem.

Stay Protected

The UEFI Secure Boot flaw underscores the importance of maintaining current security measures to protect your systems. Keeping software up to date remains your best line of defense against such exploits. Microsoft‘s rapid response to this vulnerability demonstrates the urgency and seriousness of the threat, but it’s up to users to ensure the patch is applied to prevent exposure.

This latest incident serves as a reminder that even trusted security features like UEFI Secure Boot are not impervious. Vigilance and timely updates are essential to counter any emerging threats in this constantly evolving cybersecurity landscape.

via

Share
Published by
RS News
Tags: flawUEFI

Recent Posts

Crash in the smartphone market: lowest sales figures in 13 years

The global smartphone market is experiencing a severe downturn, recording its worst quarter in 13…

11 hours ago

Pixel 11: Mega leak shows images and data from the new Google smartphones

Amazon made a big mistake and revealed the entire lineup of the Google Pixel 11…

11 hours ago

Top 10 Payment Card Tools for Everyday Digital Finance

A payment card is easiest to understand when users see how it fits into real…

16 hours ago

OnePlus is ‘dead’: Oppo wants to soon announce its withdrawal from the EU & USA

OnePlus will soon be history. At least in Europe and the USA. What has been…

17 hours ago

Switch 2 OLED: Nintendo is apparently planning a display upgrade after all

Nintendo is reportedly still internally planning an OLED version of the Switch 2 for the…

17 hours ago

Maps: Google launches major visual update with immersive navigation

Google appears to be starting to distribute the new immersive navigation for Google Maps. The…

17 hours ago