Windows Secure Boot can no longer be bypassed after patch


Microsoft is closing a vulnerability in Windows that allowed the Secure Boot feature to be bypassed. The vulnerability had been known since last summer.

Microsoft rolled out a patch on Jan. 14 against CVE-2024-7344. The vulnerability allowed attackers who already had sufficient privileges to install malware during boot and disable the Secure Boot feature. The update is rolling out to all supported versions of Windows 11, Windows 10 and Windows Server.


The vulnerability was discovered last summer by Martin Smolár, a security researcher at Eset. Secure Boot is supposed to prevent unauthorized software from running during boot. To do so, it relies on a signing and certification scheme run by Microsoft: only approved boot components are allowed to run. This reduces the risk of malware springing into action before Windows has even started.

Beyond control

Smolár found the vulnerability in SysReturn, a system recovery software package. During boot, the software did not go through Secure Boot's standard checks but instead used a custom loader called reloader.efi. That custom loader did not perform thorough checks of its own and, in effect, disabled Secure Boot entirely.

Yet the application was a Microsoft-approved UEFI application. That gave attackers an opening: install the loader on a device, and malware could run during boot without Secure Boot being able to stop it. The attacker does, however, first need administrator control of the device. Once malware has embedded itself in the firmware at such an early stage, it is hard to get rid of, even by reformatting the hard drive.
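To make the chain-of-trust point concrete, here is an added toy model of the situation (not code from the article, Eset or Microsoft): firmware that verifies each boot image against an allow list and a revocation list, a loader that hands the next stage back to the firmware, and a loader that does not. It assumes the fix works by revoking the flawed loader's hash, a mechanism the article itself does not describe.

```python
"""Toy model of the Secure Boot chain of trust described above. Firmware
checks every image it starts against an allow list of signers (db) and a
revocation list of image hashes (dbx). A well-behaved loader hands the next
stage back to the firmware for the same check; the flawed custom loader
starts the next stage itself, so the chain of trust ends with it."""
import hashlib

def image_hash(image):
    return hashlib.sha256(image["body"]).hexdigest()

# Constructed sample images. Real boot images are Authenticode-signed PE
# files; the signature is modelled here as a plain "signer" tag.
BOOTMGR = {"body": b"boot manager", "signer": "Microsoft UEFI CA", "delegates": True}
RELOADER = {"body": b"custom loader", "signer": "Microsoft UEFI CA", "delegates": False}
PAYLOAD = {"body": b"unsigned early-boot code", "signer": None, "delegates": True}

class Firmware:
    def __init__(self, db, dbx=()):
        self.db = set(db)    # trusted signing authorities
        self.dbx = set(dbx)  # hashes of revoked images

    def verify(self, image):
        if image_hash(image) in self.dbx:
            return False
        return image["signer"] in self.db

    def boot(self, loader, next_image=None):
        """Return True if the last image in the chain ends up running."""
        if not self.verify(loader):
            return False
        if next_image is None:
            return True
        if loader["delegates"]:
            # Proper loader: the next stage goes through the same check.
            return self.boot(next_image)
        # Flawed loader: starts the next stage without any check, so the
        # firmware's policy is never applied to it.
        return True

    def revoke(self, image):
        """Assumed mitigation: put the flawed loader's hash on dbx."""
        self.dbx.add(image_hash(image))

def demo():
    fw = Firmware(db={"Microsoft UEFI CA"})
    via_bootmgr = fw.boot(BOOTMGR, PAYLOAD)    # False: unsigned payload refused
    via_reloader = fw.boot(RELOADER, PAYLOAD)  # True: the bypass
    fw.revoke(RELOADER)
    after_patch = fw.boot(RELOADER, PAYLOAD)   # False: revoked loader refused
    return via_bootmgr, via_reloader, after_patch
```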

Patch for Windows

The malicious loader was eventually discovered in six more software applications. Smolár notified Microsoft and CERT last June. It has ultimately taken until now to develop a patch that deals with the vulnerability.

That seems like a long time, but an update to Secure Boot requires more careful preparation than a monthly Windows update. Errors in Secure Boot can prevent your PC from booting, so Microsoft can’t afford to roll out an unstable update.


The vulnerability affects all systems that rely on UEFI and, in principle, can also affect Linux. Microsoft's patch closes the hole only on Windows systems; no fix for Linux appears to be in the works yet.
