Security News > 2025 > January > New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)
ESET researchers have identified a vulnerability (CVE-2024-7344) impacting most UEFI-based systems, which allows attackers to bypass UEFI Secure Boot. The issue was found in a UEFI application signed with Microsoft’s “Microsoft Corporation UEFI CA 2011” third-party certificate. Exploiting this vulnerability enables the execution of untrusted code during system boot, allowing attackers to deploy malicious UEFI bootkits, such as Bootkitty or BlackLotus, even on systems with UEFI Secure Boot enabled, regardless of the operating system. Impacted … More → The post New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2025/01/16/uefi-secure-boot-bypass-vulnerability-cve-2024-7344/
Related news
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
- Siemens Teamcenter vulnerability could allow account takeover (CVE-2025-23363) (source)
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) (source)
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
- Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) (source)
- Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-14 | CVE-2024-7344 | Improper Verification of Cryptographic Signature vulnerability in multiple products Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path. | 8.2 |