New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits

2025-01-16 11:23

Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems. The vulnerability, assigned the CVE identifier CVE-2024-7344 (CVSS score: 6.7), resides in a UEFI application signed by Microsoft's "Microsoft Corporation UEFI CA 2011" third-party UEFI certificate, according to a new

News URL

https://thehackernews.com/2025/01/new-uefi-secure-boot-vulnerability.html

#boot #uefi #vulnerability #CVE-2024-7344

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2025-01-14	CVE-2024-7344	Improper Verification of Cryptographic Signature vulnerability in multiple products Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path. local low complexity howyar signalcomputer wasay sanfong greenware cs-grp radix CWE-347	8.2