Eleven outdated Microsoft-signed Unified Extensible Firmware Interface (UEFI) applications have been discovered that can be exploited to bypass Secure Boot on most systems, according to a recent report by The Hacker News.These vulnerable UEFI applications, primarily older versions of the shim bootloader, can allow attackers to execute untrusted code during system startup, according to ESET researcher Martin Smolár. This enables the deployment of malicious UEFI bootkits or other malware, even when Secure Boot protections are active. The vulnerability stems from the fact that these older shims are signed with a Microsoft certificate authority (CA) that, while expired, has not been explicitly revoked for these specific applications. This allows attackers to leverage the "bring your own vulnerable driver" (BYOVD) technique to bypass security mechanisms and gain arbitrary code execution before the operating system loads.The issue affects various Linux distributions and software from vendors like Red Hat, Oracle, and OpenSuse. The CERT Coordination Center noted that vendor-specific bootloaders were not updated to address known vulnerabilities, leaving a supply chain exposure. The bypass can evade detection by operating system security controls and endpoint detection and response (EDR) solutions, potentially allowing for persistent access that survives reboots and reinstallation.Source: The Hacker News
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




