Security News > 2022 > August > Microsoft blocks UEFI bootloaders enabling Windows Secure Boot bypass

Some signed third-party bootloaders for the Unified Extensible Firmware Interface could allow attackers to execute unauthorized code in an early stage of the boot process, before the operating system loads.
Eclypsium security researchers Mickey Shkatov and Jesse Michael discovered vulnerabilities affecting UEFI bootloaders from third-party vendors that could be exploited to bypass the Secure Boot feature on Windows machines.
Secure Boot is part of the UEFI specification designed to ensure that only trusted code - signed with a specific, vendor-supplied certificate - is executed to start the OS booting process.
The firmware bootloader runs immediately after turning on the system to initialize the hardware and to boot the UEFI environment responsible for launching the Windows Boot Manager.
In an advisory this week about the vulnerabilities, the Carnegie Mellon CERT Coordination Center warns that code executed in the early boot stages could "Also evade common OS-based and EDR security defenses."
A fix for these vulnerabilities should be delivered either by the Original Equipment Manufacturer or the OS vendor by updating the UEFI Revocation List - the Secure Boot Forbidden Signature Database, a database of revoked signatures for previously approved firmware and software that starts systems with UEFI Secure Boot.
News URL
Related news
- Microsoft tests new Windows 11 tool to remotely fix boot crashes (source)
- New Windows 11 trick lets you bypass Microsoft Account requirement (source)
- Windows 11 Forces Microsoft Account Sign In & Removes Bypass Trick Option (source)
- Week in review: Microsoft patches exploited Windows CLFS 0-day, WinRAR MotW bypass flaw fixed (source)
- Microsoft lifts Windows 11 update block for some AutoCAD users (source)
- Microsoft replacing Remote Desktop app with Windows App in May (source)
- Microsoft: Recent Windows updates make USB printers print random text (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Microsoft: March Windows updates mistakenly uninstall Copilot (source)
- Microsoft fixes Windows update bug that uninstalled Copilot (source)