ESET researchers have identified a vulnerability (CVE-2024-7344) impacting most UEFI-based systems, which allows attackers to bypass UEFI Secure Boot. The issue was found in a UEFI application signed with Microsoft’s “Microsoft Corporation UEFI CA 2011” third-party certificate. Exploiting this vulnerability enables the execution of untrusted code during system boot, allowing attackers to deploy malicious UEFI bootkits, such as Bootkitty or BlackLotus, even on systems with UEFI Secure Boot enabled, regardless of the operating system. Impacted … More
The post New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344) appeared first on Help Net Security.
