skip to content
Decrypt LOL

Get Cyber-Smart in Just 5 Minutes a Week

Decrypt delivers quick and insightful updates on cybersecurity. No spam, no data sharing—just the info you need to stay secure.

Read the latest edition

New UEFI Vulnerability Affects Secure Boot Mechanism

/ 1 min read

🛡️✨ New UEFI vulnerability threatens Secure Boot integrity. A recently disclosed security flaw, identified as CVE-2024-7344, could allow attackers to bypass the Secure Boot mechanism in UEFI systems, potentially enabling the execution of malicious UEFI bootkits. The vulnerability, which has a CVSS score of 6.7, affects UEFI applications signed by Microsoft’s third-party certificate and can lead to the loading of unsigned code during system boot. ESET researchers highlighted that the issue stems from a custom PE loader used in certain recovery software, allowing exploitation even with Secure Boot enabled. While the flaw has been patched, concerns remain about the prevalence of similar vulnerabilities in third-party UEFI software, prompting calls for improved security measures and vigilance in UEFI implementations.

Source
{entry.data.source.title}
Original