Security News > 2025 > January > New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits
2025-01-16 11:23
Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems. The vulnerability, assigned the CVE identifier CVE-2024-7344 (CVSS score: 6.7), resides in a UEFI application signed by Microsoft's "Microsoft Corporation UEFI CA 2011" third-party UEFI certificate, according to a new
News URL
https://thehackernews.com/2025/01/new-uefi-secure-boot-vulnerability.html
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-14 | CVE-2024-7344 | Improper Verification of Cryptographic Signature vulnerability in multiple products Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path. | 8.2 |