Microsoft Fixes UEFI Bootloads That Bypass Windows Secure Boot Feature

Share post:

Microsoft has identified three UEFI bootloads that can bypass the Windows Secure Boot feature and execute unsigned code.

Secure Boot is part of the UEFI specification, which is designed to ensure that only trust code signed with a specific certificate supplied by the manufacturer is executed to start the boot process of the operating system.

The three Microsoft-approved bootloads include New Horizon Datasys (CVE-2022-34302: bypass Secure Boot via custom installer), CryptoPro Secure Disk (CVE-2022-34301: bypass Secure Boot via UEFI Shell execution) and Eurosoft (UK) (CVE-2022-34303: bypass Secure Boot via UEFI Shell execution).

Microsoft has worked with the last two vendors in the above list to release security update KB5012170 to fix the issue in the provided bootloader. Microsoft also blocked all required certificates issued with the July 2022 security update release.

The signed third-party bootloaders for the Unified Extensible Firmware Interface (UEFI) could allow attackers to execute unauthorized code at an early stage of the boot process before the operating system is loaded.

Threat actors could exploit the vulnerability to create persistence on a target system that cannot be removed by reinstalling the operating system.

Vulnerabilities in UEFI bootloaders were discovered by Eclypsium security researchers Mickey Shkatov and Jesse Michael.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

FBI’s Operation Level Up Ends Cyber Scams and Saves Millions of Dollars and Lives

We should send a love note out to The Federal Bureau of Investigation (FBI) who launched Operation Level...

DOGE’s Teen Hacker Stirs Concern Over Musk Team’s Access to Federal Databases

A 19-year-old named Edward “Big Balls” Coristine has raised red flags after Wired revealed he holds a key...

Deep Seek and Open Source AI – Without the Hype: Discussion with Robert Falzon, Head of Engineering, Check Point

DeepSeek AI is shaking up the cybersecurity world—are we prepared for the risks? Join host Jim Love and...

Researchers Jailbreak DeepSeek AI, Expose System Prompt and Raise Security Concerns

Security researchers at Wallarm have successfully jailbroken DeepSeek, a recently released open-source AI model from China. The jailbreak...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways