New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)
ESET researchers have identified a vulnerability (CVE-2024-7344) impacting most UEFI-based systems, which allows attackers to bypass UEFI Secure Boot. The issue was found in a UEFI application signed with Microsoft’s “Microsoft Corporation UEFI CA 2011” third-party certificate. Exploiting this vulnerability enables the execution of untrusted code during system boot, allowing attackers to deploy malicious UEFI bootkits, such as Bootkitty or BlackLotus, even on systems with UEFI Secure Boot enabled, regardless of the operating system. Impacted … The post New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2025/01/16/uefi-secure-boot-bypass-vulnerability-cve-2024-7344/
Related news
- New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785)
- Ivanti warns of maximum severity CSA auth bypass vulnerability
- BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356)
- Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks
- Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution
- Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation
- New UEFI Secure Boot flaw exposes systems to bootkits, patch now
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-14 | CVE-2024-7344 | Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path. | 0.0 |