‘No new vulnerability needed to bypass UEFI Secure Boot’: Experts find attackers can exploit decades-old flaws to gain access to key systems


  • ESET discovers 11 vulnerable UEFI shim bootloaders signed by Microsoft that allow attackers to bypass Secure Boot and deploy malicious bootkits
  • Any UEFI system that trusts Microsoft’s 2011 third-party certificate could be exposed, potentially billions of devices; attackers can bring old trusted shims to new systems
  • Microsoft has recalled the vulnerable shims and users should apply the latest UEFI recalls (Windows automatic updates, Linux via LVFS) to block exploitation

ESET cybersecurity experts have discovered 11 vulnerable UEFI shim bootloaders, all signed by Microsoft, which could allow threat actors to exploit age-old vulnerabilities and bypass UEFI Secure Boot, which deploys all sorts of malicious bootkits.

A shim is a small, intermediate bootloader that acts as a bridge between a computer’s firmware (UEFI) and the operating system’s bootloader. Its primary purpose is to allow operating systems to work with UEFI Secure Boot without having Microsoft sign each Linux bootloader individually.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top