‘No new vulnerabilities needed to bypass UEFI Secure Boot’: Experts find attackers can exploit decades-old flaws to gain access to key systems


  • ESET discovers 11 vulnerable UEFI shim bootloaders signed by Microsoft, allowing attackers to bypass secure boot and deploy malicious boot kits
  • Any UEFI system trusting Microsoft’s 2011 third-party certificate could be exposed, potentially billions of devices; attackers can bring old trust holds to new systems
  • Microsoft has revoked the vulnerable holds and users should apply the latest UEFI revocations (Windows, Linux automatic updates via LVFS) to block the exploit.

ESET cybersecurity experts have discovered 11 vulnerable UEFI shim bootloaders, all signed by Microsoft, that could allow malicious actors to exploit old vulnerabilities and bypass UEFI Secure Boot, deploying all sorts of malicious boot kits.

A shim is a small intermediate bootloader that functions as a bridge between a computer’s firmware (UEFI) and the operating system’s bootloader. Its main purpose is to allow operating systems to work with UEFI Secure Boot without Microsoft signing each Linux bootloader individually.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top