Security Researchers Find UEFI Secure Boot Bypass Vulnerability

The vulnerability has a CVSS score of 6.7 and is present in a UEFI application signed by Microsoft's 'Microsoft Corporation UEFI CA 2011' third-party certificate.

A recently patched security vulnerability in Unified Extensible Firmware Interface (UEFI) systems could allow attackers to bypass Secure Boot protections and compromise system safety during the boot process. The flaw is identified as CVE-2024-7344 and was discovered by ESET researchers and reported by The Hacker News.

The vulnerability has a CVSS score of 6.7 and is present in a UEFI application signed by Microsoft's "Microsoft Corporation UEFI CA 2011" third-party certificate. This uses a special PE loader instead of standard UEFI functions. It lets computers load unsigned UEFI programs when they start up, no matter if Secure Boot is on or off.

Affected software includes products from Howyar Technologies, Greenware Technologies, Radix Technologies, SANFONG, Wasay Software Technology, Computer Education System, and ...