A security software provider has discovered a security hole that can be used to bypass UEFI Secure Boot. This allows criminals to inject malware when the computer boots up. Microsoft released a security patch in January to close the vulnerability.
A newly discovered security vulnerability threatens the integrity of computer systems worldwide: Researchers from the IT security manufacturer ESET have identified a vulnerability that can bypass the so-called UEFI Secure Boot. This function, which is intended to ensure secure system startup, is activated on most modern computers.
UEFI bootkits can be introduced
The security vulnerability (CVE-2024-7344) affects a software component signed by Microsoft. Attackers can use this vulnerability to execute malicious code when a system boots up. This makes it possible to inject UEFI bootkits such as BootKitty or BlackLotus - completely independent of the installed operating system.
ESET reported the vulnerability to the CERT Coordination Center (CERT/CC) in June 2024, which immediately contacted the affected manufacturers. Thanks to this cooperation, the problem was resolved: With the Patch Tuesday update on January 14, 2025, Microsoft removed the vulnerable software components and thus restored security.
Subscribe to our newsletter now
Read the best news from B2B CYBER SECURITY once a monthWhich systems are affected?
The vulnerability affects software used in various system recovery programs. Affected manufacturers include:
- Howyar Technologies Inc.
- Greenware Technologies
- Radix Technologies Ltd.
- SANFONG Inc.
- Wasay Software Technology Inc.
- Computer Education System Inc.
- Signal Computer GmbH
Martin Smolár, the ESET researcher who discovered the vulnerability, explains: "It turns out that even a security feature as essential as UEFI Secure Boot does not offer an absolute guarantee. What is particularly alarming is that insecure but nevertheless signed software components are apparently not uncommon."
The vulnerability does not only pose a threat to systems with the affected software. Attackers can exploit the vulnerability by installing the faulty software on any UEFI system that accepts Microsoft's third-party UEFI certificate. However, this requires that they have administrative access rights (e.g. as a local administrator under Windows or with root rights under Linux).
Latest UEFI updates from Microsoft close the security gap
The error is caused by the use of an insecure PE loader. This contains instructions and data required for programs or system processes to operate. UEFI uses secure functions such as LoadImage and StartImage to load such files by default. An insecure PE loader, such as the one used in the discovered vulnerability, bypasses these standards and thus poses a risk. All systems with third-party UEFI signatures enabled are affected - this option is disabled by default on Windows 11 Secured Core PCs.
The gap can be closed with the latest UEFI updates from Microsoft. Windows systems should receive these automatically. Users of Linux systems can find the relevant updates via the Linux Vendor Firmware Service. Further details on the security gap CVE-2024-7344 can be found in the Microsoft notice, which can be accessed here.
More at ESET.de
About ESET ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.
Matching articles on the topic