Updated
Updated · Ars Technica · Jul 14
Microsoft Left Secure Boot Exposed for 13 Years via 11 Unrevoked Shims
Updated
Updated · Ars Technica · Jul 14

Microsoft Left Secure Boot Exposed for 13 Years via 11 Unrevoked Shims

3 articles · Updated · Ars Technica · Jul 14

Summary

  • ESET found 11 Microsoft-signed shim firmware images—some dating to 2013—that can still bypass UEFI Secure Boot with little technical skill.
  • Microsoft oversees shim signing but failed to revoke vulnerable binaries after flaws were known, leaving old publicly available loaders trusted by affected systems.
  • That lets attackers on both Windows and Linux break the signed boot chain and install bootkits that survive OS reinstalls or even hard-drive replacement.
  • Secure Boot was introduced in 2012 to block firmware threats, yet the lapse left devices exposed to the kind of persistent malware seen in LoJax, MosaicRegressor, CosmicStrand and BlackLotus.

Insights

Beyond patching, what new defenses can stop bootkits from hijacking PCs before the operating system even loads?
With expired certificates enabling attacks, is the digital signature model for system startup fundamentally broken?