ESET details UEFI Secure Boot bypass vulnerability

1 day, 5 hours ago searchsecurity.techtarget.com

ESET researchers last year discovered an unsigned binary in a third-party UEFI application that could have been abused to bypass the Secure Boot process.

Share this item with your network:

Arielle Waldman, News Writer

ESET discovered a new bootloader vulnerability that the antimalware vendor said speaks to a larger issue regarding Unified Extensible Firmware Interfaces security practices.

ESET published a blog post on Thursday titled, "Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344," detailing a vulnerability that was first disclosed on Patch Tuesday this week. ESET researchers found the flaw in a UEFI application signed by Microsoft's third-party certificate and used by Howyar's Technology, Inc. Exploitation could allow an attacker to deploy malicious UEFI bootkits "even on systems with UEFI Secure Boot enabled," ESET said.

ESET reported the vulnerability to the CERT Coordination Center in June and coordinated with affected vendors then rolled out a fix with ...

Copyright of this story solely belongs to searchsecurity.techtarget.com . To see the full text click HERE

ESET researchers last year discovered an unsigned binary in a third-party UEFI application that could have been abused to bypass the Secure Boot process.

Share:

More related news