Microsoft’s Secure Boot has been broken for a decade and no one noticed until now
Research has revealed that decade-old Microsoft-signed UEFI shims can be used to bypass Secure Boot protections.
Velocity timeline
How fast coverage is spreading — measured hourly from article rate × source diversity. How this works →
The brief
ESET Research has discovered that vulnerable UEFI shims are undermining the Secure Boot process on devices. These old, Microsoft-signed applications allow attackers to bypass the security measures intended to protect the boot process.
Coverage from Ars Technica, The Hacker News, and SC Media emphasizes that 11 of these old Linux UEFI shims are specifically problematic. WeLiveSecurity and The Manila Times highlight that these forgotten shims have remained a vulnerability for a decade without being noticed.
Future developments depend on how these specific Microsoft-signed UEFI applications are addressed to prevent attackers from bypassing Secure Boot.
Synthesized by Newsylist from the headlines below under a strict no-invention contract. ✓ fact-checked: all claims supported by sources Updated just now.
Quick answers
Who discovered the vulnerability?
The vulnerability was discovered by ESET Research.
What specifically allows the Secure Boot bypass?
Old Microsoft-signed UEFI shims, specifically 11 Linux UEFI shims, can be used to bypass the system.
How long has this issue existed?
According to coverage from Ars Technica, the system has been broken for a decade.
Coverage (6)
- Microsoft’s Secure Boot has been broken for a decade and no one noticed until now Ars Technica · 2h ago broke it first
- ESET Research discovers vulnerable UEFI shims undermining devices’ Secure Boot The Manila Times · 2h ago
- Old Microsoft-signed UEFI applications can bypass Secure Boot SC Media · 2h ago
- 11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot The Hacker News · 2h ago
- Forgotten UEFI shims undermining Secure Boot WeLiveSecurity · 2h ago
- Microsoft’s Secure Boot has been broken for a decade and no one noticed until now Ars Technica · 2h ago broke it first
People, places & organizations
Topics
Related trends
Microsoft tests Windows Search without all the ads and fluff
Microsoft is testing a decluttered, faster version of Windows Search that removes ads and MSN tiles from Windows 11.
Satya Nadella has issued a shocking warning to companies using AI
Microsoft CEO Satya Nadella warns companies using AI that they may be paying for their own intellectual property.
Microsoft unveils major Windows 11 search experience overhaul that it promises will fix search
Microsoft is overhaulng the Windows 11 search experience to remove promotional content and clutter.
Halo Studios reportedly cancels Halo multiplayer project Ekur, which had customisable Spartans and Elites and large player battles
Microsoft has reportedly canceled 'Project Ekur,' a multiplayer Halo title featuring large-scale battles and customizable characters.
Windows 11 is getting a 4-pixel upgrade. It sounds like a joke, but it actually matters.
Microsoft is overhauling the Windows 11 search experience, featuring a decluttered design and a specific 4-pixel increase in size.
Brazilian gamer proves you can fight for the digital preservation of Xbox games and win
A Brazilian gamer has successfully sued Microsoft to recover a digital game library after his account was hacked.