- Binarly found a flaw in a legitimate, trusted utility that runs on most modern systems with UEFI firmware
- The flaw allowed threat actors to deploy bootkit malware
- Microsoft fixed it in the June 2025 Patch Tuesday cumulative update
Microsoft has fixed a Secure Boot vulnerability that allowed threat actors to disable security protections and install bootkit malware on most PCs.
Security researchers recently discovered a legitimate BIOS update utility signed with Microsoft's UEFI CA certificate. This root certificate, used in the Unified Extensible Firmware Interface (UEFI) Secure Boot process, plays a central role in verifying the authenticity and integrity of bootloaders, operating systems and other low-level software before the system boots.
According to the researchers, the utility is trusted by most modern systems using UEFI firmware, but the problem stems from the fact that it reads a writable NVRAM variable without validation. This means an attacker with administrator access to the operating system can change the variable and write arbitrary data to memory locations during the UEFI boot process.
Binarly was able to use this vulnerability to disable Secure Boot and allow any unsigned UEFI module to run. In other words, they were able to disable the security features and install bootkit malware that cannot be removed even if the hard drive is replaced.
The vulnerable module has been circulating in the wild since 2022 and was uploaded to VirusTotal in 2024 before being reported to Microsoft at the end of February 2025.
Microsoft recently published its June Patch Tuesday cumulative update, addressing a number of recently discovered vulnerabilities, among them the arbitrary write vulnerability in Microsoft-signed UEFI firmware, which is now tracked as CVE-2025-3052. It received a severity score of 8.2/10 (high).
The company also determined that the vulnerability affected 14 modules in total, all of which have now been fixed.
“During the triage process, Microsoft determined that the issue did not affect a single module as initially believed, but in fact 14 different modules,” Binarly said. “For this reason, the updated DBX released during the June 10, 2025 Patch Tuesday contains 14 new hashes.”
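A defender can confirm that a DBX update actually carries the new revocation entries by parsing the variable's EFI_SIGNATURE_LIST structures and diffing them against the previous contents. The following is an added example, not Binarly's or Microsoft's code: it follows the EFI_SIGNATURE_LIST layout from the UEFI specification and uses constructed placeholder hashes, not the real CVE-2025-3052 module hashes.

```python
import hashlib
import struct
import uuid

# EFI_CERT_SHA256_GUID (UEFI spec): each entry is a 32-byte SHA-256 of a PE image
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
LIST_HDR = 28  # EFI_SIGNATURE_LIST header: SignatureType GUID (16) + three UINT32 fields

def parse_signature_lists(blob: bytes):
    """Walk a raw db/dbx variable body; return (type_guid, owner_guid, data) per entry."""
    entries, off = [], 0
    while off < len(blob):
        if len(blob) - off < LIST_HDR:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < LIST_HDR + hdr_size or off + list_size > len(blob):
            raise ValueError("SignatureListSize out of range")
        body = blob[off + LIST_HDR + hdr_size:off + list_size]
        if sig_size <= 16 or len(body) % sig_size:
            raise ValueError("signature area is not a multiple of SignatureSize")
        for i in range(0, len(body), sig_size):  # each entry: SignatureOwner GUID + data
            owner = uuid.UUID(bytes_le=body[i:i + 16])
            entries.append((sig_type, owner, body[i + 16:i + sig_size]))
        off += list_size
    return entries

def sha256_entries(blob: bytes):
    """Hex SHA-256 hashes held in the variable body (certificate entries are ignored)."""
    return {d.hex() for t, _, d in parse_signature_lists(blob) if t == EFI_CERT_SHA256_GUID}

def new_revocations(old_dbx: bytes, new_dbx: bytes):
    """Hashes the updated dbx revokes that the previous dbx did not."""
    return sha256_entries(new_dbx) - sha256_entries(old_dbx)

def build_sha256_list(hashes, owner=uuid.UUID(int=0)) -> bytes:
    """Constructed helper: encode 32-byte hashes as one EFI_SIGNATURE_LIST (SignatureSize 48)."""
    body = b"".join(owner.bytes_le + h for h in hashes)
    return EFI_CERT_SHA256_GUID.bytes_le + struct.pack("<III", LIST_HDR + len(body), 0, 48) + body

# Constructed sample data: placeholder hashes standing in for a pre- and post-update dbx
OLD_HASHES = [hashlib.sha256(b"placeholder-old-%d" % i).digest() for i in range(2)]
NEW_HASHES = [hashlib.sha256(b"placeholder-new-%d" % i).digest() for i in range(14)]
OLD_DBX = build_sha256_list(OLD_HASHES)
NEW_DBX = OLD_DBX + build_sha256_list(NEW_HASHES)  # update appends a second list

if __name__ == "__main__":
    print(f"{len(new_revocations(OLD_DBX, NEW_DBX))} new revocation hashes in updated dbx")
```

On a live Linux system the dbx body can be read from efivarfs after stripping the 4-byte attribute prefix; a DBX update file distributed as an authenticated variable carries an EFI_VARIABLE_AUTHENTICATION_2 header that must be skipped first.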
Via BleepingComputer