![]() "This security update addresses the vulnerability by adding the signatures of the known vulnerable UEFI modules to the DBX" - Microsoft Microsoft has worked with the last two vendors in the list above and released security update KB5012170 to fix the problem in the provided bootloader.Īs part of this fix, Microsoft has blocked all of their required certificates that were issued with the Security Update Release from July 2022. Eurosoft (UK) Ltd: CVE-2022-34303 (bypass Secure Boot via UEFI Shell execution).CryptoPro Secure Disk: CVE-2022-34301 (bypass Secure Boot via UEFI Shell execution). ![]() New Horizon Datasys Inc: CVE-2022-34302 (bypass Secure Boot via custom installer).The three Microsoft-approved UEFI bootloads that were found to bypass the Windows Secure Boot feature and execute unsigned code are: Source: Microsoft Eclypsium researchers found that three UEFI bootloaders that were approved by Microsoft had vulnerabilities that permitted bypassing the Secure Boot feature and executing unsigned code: ![]() Overview of the boot process on UEFI systems The firmware bootloader runs immediately after turning on the system to initialize the hardware and to boot the UEFI environment responsible for launching the Windows Boot Manager. Secure Boot is part of the UEFI specification designed to ensure that only trusted code - signed with a specific, vendor-supplied certificate - is executed to start the OS booting process. Threat actors could exploit the security issue to establish persistence on a target system that cannot be removed by reinstalling the operating system (OS).Įlysium security researchers Mickey Shkatov and Jesse Michael discovered vulnerabilities affecting UEFI bootloaders from third-party vendors that could be exploited to bypass the Secure Boot feature on Windows machines. Vendor-specific bootloaders used by Windows were found to be vulnerable while the status of almost a dozen others is currently unknown. Some signed third-party bootloaders for the Unified Extensible Firmware Interface (UEFI) could allow attackers to execute unauthorized code in an early stage of the boot process, before the operating system loads.
0 Comments
Leave a Reply. |