HeadlinesBriefing favicon HeadlinesBriefing.com

Microsoft Secure Boot Flaw Exposed

Ars Technica •
×

Microsoft's Secure Boot, an industry standard designed to protect devices from firmware infections, has been found to be easily bypassable for 13 years. Security firm ESET discovered 11 firmware images, some dating back to 2013, that were known to be vulnerable but remained signed by Microsoft. These "shims," used to extend Secure Boot to Linux and utility software, were not revoked by Microsoft after vulnerabilities were found.

This oversight allows novice hackers to circumvent Secure Boot, enabling the installation of malicious firmware that persists even after OS reinstallation or hard drive replacement. The threat affects both Windows and Linux users. The bypass requires only an old, trusted, unrevoked shim and basic knowledge of UEFI shims, as no novel vulnerabilities are needed.

Secure Boot, introduced in 2012 to combat bootkits, relies on a chain of digitally signed firmware. The failure to revoke these specific shims undermines this trust. While Microsoft has since revoked the problematic shims, the company has not explained the lapse. The complexity of Secure Boot and its revocation mechanisms is cited as a potential contributing factor to this decade-long vulnerability.