WeLiveSecurity

Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344

ESET researchers have discovered a vulnerability that allows bypassing UEFI Secure Boot, affecting the majority of UEFI-based systems. This vulnerability, assigned CVE-2024-7344, was found in a UEFI ...
Ars Technica

Microsoft patches Secure Boot flaw, but won’t enable fix by default until early 2024

It sounds to me like claiming that all old Windows versions will be unbootable is an overstatement. Rather, it's most likely the case that you won't be able to boot old media when Secure Boot is ...
Bleeping Computer

Microsoft blocks UEFI bootloaders enabling Windows Secure Boot bypass

Some signed third-party bootloaders for the Unified Extensible Firmware Interface (UEFI) could allow attackers to execute unauthorized code in an early stage of the boot process, before the operating ...
Bleeping Computer

BlackLotus bootkit bypasses UEFI Secure Boot on patched Windows 11

The developers of the BlackLotus UEFI bootkit have improved the malware with Secure Boot bypass capabilities that allow it to infect even fully patched Windows 11 systems. BlackLotus is the first ...
WeLiveSecurity

BlackLotus UEFI bootkit: Myth confirmed

The number of UEFI vulnerabilities discovered in recent years and the failures in patching them or revoking vulnerable binaries within a reasonable time window hasn’t gone unnoticed by threat actors.
Ars Technica

Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them.

Researchers have unearthed two publicly available exploits that completely evade protections offered by Secure Boot, the industry-wide mechanism for ensuring devices load only secure operating system ...