Forgotten UEFI shims undermining Secure Boot

https://web-assets.esetstatic.com/wls/2026/07-26/uefi-shims/uefi-shims-secure-boot-vulnerability.jpg

ESET researchers identified 11 old and forgotten UEFI shim bootloaders at versions 0.9 and below that can be used to bypass UEFI Secure Boot on any UEFI-based machine that trusts Microsoft’s Microsoft Corporation UEFI CA 2011 third-party UEFI certificate authority (CA) certificate, regardless of the installed operating system (OS). Reported shims can be exploited to execute untrusted code during system boot, enabling attackers to deploy malicious UEFI bootkits (such as Bootkitty, HybridPetya, or BlackLotus) even on systems with UEFI Secure Boot enabled. We reported our findings to CERT/CC in February 2026, and the vulnerable UEFI applications were revoked on Microsoft’s June 9th, 2026 Patch Tuesday.

While two CVE IDs were assigned to this case to cover the reported shims, CVE-2026-8863 and CVE-2026-10797, exploitation of each reported shim is not just about a single bug or two that can be found in these old shims directly. In...

Copyright of this story solely belongs to welivesecurity.com. To see the full text click HERE

Read more