‘No new vulnerability needed to bypass UEFI secure boot’: Experts find attackers can exploit decades-old flaws to gain access to key systems



  • ESET discovers 11 vulnerable UEFI shim bootloaders signed by Microsoft, allowing attackers to bypass secure boot and deploy malicious bootkits
  • Any UEFI system that relies on the Microsoft 2011 third-party certificate could be exposed, potentially billions of devices; Attackers can push old trusted fixes into new systems.
  • Microsoft has revoked the vulnerable fixes and users should apply the latest UEFI (Windows Automatic Updates, Linux over LVFS) reversals to block the exploit.

ESET cybersecurity experts have discovered 11 vulnerable UEFI shim bootloaders, all signed by Microsoft, that could allow threat actors to exploit old vulnerabilities and bypass UEFI secure boot, deploying all kinds of malicious bootkits.

A shim is a small intermediary bootloader that acts as a bridge between a computer’s firmware (UEFI) and the operating system’s bootloader. Its main goal is to allow operating systems to work with UEFI Secure Boot without Microsoft signing each Linux bootloader individually.

Leave a Comment

Your email address will not be published. Required fields are marked *