Microsoft fixes Secure Boot bug allowing Windows rootkit installation
Microsoft has fixed a security feature bypass vulnerability in Secure Boot that allows attackers to compromise the operating system's booting process even when Secure Boot is enabled.
"An attacker who successfully exploited the vulnerability might bypass secure boot and load untrusted software," Microsoft explains.
To block untrusted or known vulnerable third-party bootloaders when Secure Boot is toggled on, Windows devices with UEFI firmware use the Secure Boot Forbidden Signature Database (DBX).
The KB4535680 security update, released by Microsoft as part of the January 2021 Patch Tuesday, addresses the vulnerability by adding known vulnerable third-party UEFI modules to the DBX so that they are blocked. Users have to install this standalone security update in addition to the normal security update to block attacks designed to exploit this Secure Boot vulnerability.
On systems where updates need to be installed manually, users will first be required to download KB4535680 for their platform from the Microsoft Update Catalog.
Microsoft also released guidance for applying Secure Boot DBX updates after the disclosure of the BootHole GRUB bootloader vulnerability in July 2020, which also allows for Secure Boot bypass.
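One way to check a device after installing the update, as an added example that is not from the article or from Microsoft: it reports whether Secure Boot is enabled, how many SHA-256 hash entries the firmware's DBX holds, and whether KB4535680 is listed as installed. It assumes an elevated PowerShell 5 or later session on UEFI firmware; the helper name `Get-DbxSha256Count` is hypothetical.

```powershell
# Added example. Run in an elevated PowerShell 5+ session on a UEFI device.
$ErrorActionPreference = 'Stop'

# EFI_CERT_SHA256_GUID from the UEFI specification: marks lists of image hashes.
$EfiCertSha256 = [Guid]'c1c41626-504c-4092-aca9-41f936934328'

# Hypothetical helper: walks the EFI_SIGNATURE_LIST structures in a DBX blob
# and counts the SHA-256 hash entries.
function Get-DbxSha256Count {
    param([byte[]]$Bytes)
    $count  = 0
    $offset = 0
    while ($offset -lt $Bytes.Length) {
        if ($Bytes.Length - $offset -lt 28) {
            throw "Truncated list header at offset $offset"
        }
        # Header: type GUID (16 bytes), then list, header and entry sizes (UINT32 each).
        $type     = [Guid]::new([byte[]]$Bytes[$offset..($offset + 15)])
        $listSize = [BitConverter]::ToInt32($Bytes, $offset + 16)
        $hdrSize  = [BitConverter]::ToInt32($Bytes, $offset + 20)
        $sigSize  = [BitConverter]::ToInt32($Bytes, $offset + 24)
        if ($hdrSize -lt 0 -or $sigSize -le 16 -or $listSize -lt 28 + $hdrSize -or
            $listSize -gt $Bytes.Length - $offset) {
            throw "Malformed EFI_SIGNATURE_LIST at offset $offset"
        }
        if ($type -eq $EfiCertSha256) {
            # Each entry is a 16-byte owner GUID followed by the hash itself.
            $count += [int][math]::Floor(($listSize - 28 - $hdrSize) / $sigSize)
        }
        $offset += $listSize
    }
    $count
}

$dbx = Get-SecureBootUEFI -Name dbx   # current DBX contents from firmware
[pscustomobject]@{
    SecureBootEnabled = Confirm-SecureBootUEFI
    DbxSha256Entries  = Get-DbxSha256Count -Bytes $dbx.Bytes
    # Get-HotFix only reports updates recorded in Win32_QuickFixEngineering.
    KB4535680Listed   = [bool](Get-HotFix -Id KB4535680 -ErrorAction SilentlyContinue)
}
```

Recording `DbxSha256Entries` before and after installing the update shows whether the DBX on that device actually grew.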