New UEFI Vulnerability CVE-2024-7344 Discovered
/ 1 min read
🔒💻 New UEFI vulnerability CVE-2024-7344 allows bypassing Secure Boot on many systems. ESET researchers identified a significant vulnerability in UEFI applications signed by Microsoft, enabling the execution of untrusted code during system boot, which could facilitate the deployment of malicious UEFI bootkits. This flaw affects numerous UEFI-based systems, particularly those using recovery software from various vendors, including Howyar and Greenware. The vulnerability arises from a custom PE loader that bypasses standard UEFI security checks. Microsoft has since revoked the affected binaries and issued patches as of January 14, 2025. Users are advised to update their systems to mitigate potential risks associated with this vulnerability.
