Cybersecurity researchers have uncovered a critical flaw within a UEFI application, potentially leaving countless systems vulnerable to malicious bootkits. The vulnerability, identified by ESET, allows attackers to bypass UEFI Secure Boot—an essential security feature designed to ensure only trusted software runs during startup.
At the heart of the issue is an unnamed yet widely used UEFI application, reportedly part of several real-time system recovery software suites from multiple vendors. This application was signed with a vulnerable certificate and utilized a custom PE loader rather than the standard and secure UEFI functions, LoadImage and StartImage. This deviation enabled threat actors to execute untrusted code during the boot process, paving the way for the installation of bootkits capable of compromising even secured devices.
Worse still, ESET noted that the flaw, identified as CVE-2024-7344, affects all UEFI systems where Microsoft’s third-party UEFI signing is enabled. This vulnerability not only impacts devices with the recovery software installed but also allows malicious users to bring their own copies of the unsafe binary to any susceptible system.
Luckily, Microsoft addressed the flaw with a fix included in its January 2025 Patch Tuesday cumulative update. Released on January 14, this update is vital for all Windows users. Security experts strongly recommend applying the patch immediately to mitigate risks.
While the swift introduction of a fix offers reassurance, ESET researchers highlight a more troubling trend. According to Martin Smolár, the researcher responsible for identifying the vulnerability, this is not the first instance of unsafe and signed UEFI binaries coming to light. The repeated discovery of these flaws raises critical questions about how third-party UEFI software vendors approach security and whether additional unidentified vulnerabilities exist in the ecosystem.
The UEFI Secure Boot flaw underscores the importance of maintaining current security measures to protect your systems. Keeping software up to date remains your best line of defense against such exploits. Microsoft‘s rapid response to this vulnerability demonstrates the urgency and seriousness of the threat, but it’s up to users to ensure the patch is applied to prevent exposure.
This latest incident serves as a reminder that even trusted security features like UEFI Secure Boot are not impervious. Vigilance and timely updates are essential to counter any emerging threats in this constantly evolving cybersecurity landscape.
RS News or Research Snipers focuses on technology news with a special focus on mobile technology, tech companies, and the latest trends in the technology industry. RS news has vast experience in covering the latest stories in technology.
The global smartphone market is experiencing a severe downturn, recording its worst quarter in 13…
Amazon made a big mistake and revealed the entire lineup of the Google Pixel 11…
A payment card is easiest to understand when users see how it fits into real…
OnePlus will soon be history. At least in Europe and the USA. What has been…
Nintendo is reportedly still internally planning an OLED version of the Switch 2 for the…
Google appears to be starting to distribute the new immersive navigation for Google Maps. The…