A recently patched security vulnerability in Unified Extensible Firmware Interface (UEFI) systems could allow attackers to bypass Secure Boot protections and compromise system safety during the boot process. The flaw is identified as CVE-2024-7344 and was discovered by ESET researchers and reported by The Hacker News.
The vulnerability has a CVSS score of 6.7 and is present in a UEFI application signed by Microsoft’s “Microsoft Corporation UEFI CA 2011” third-party certificate. The application uses a special PE loader instead of standard UEFI functions, which lets unsigned UEFI programs load when the computer starts up, regardless of whether Secure Boot is on or off.
Affected software includes products from Howyar Technologies, Greenware Technologies, Radix Technologies, SANFONG, Wasay Software Technology, Computer Education System, and Signal Computer GmbH. All vendors have since released patched versions of their software.
The vulnerability affects most UEFI-based systems with Microsoft third-party UEFI signing enabled. Any system with the affected recovery software is at risk, but attackers can also bring their own copy of the vulnerable software to any UEFI system that has the Microsoft third-party UEFI certificate.
Deploying the vulnerable and harmful files to the EFI system partition requires elevated privileges: local administrator access on Windows or root access on Linux. To address this vulnerability:
- Apply the latest UEFI revocations from Microsoft
- Update affected software to the latest versions
- For Windows systems, updates should be applied automatically
- Linux systems should receive updates through the Linux Vendor Firmware Service
Moreover, organizations can manage access to files located on the EFI system partition, implement Secure Boot customization, and use remote attestation with a Trusted Platform Module (TPM).
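One way to confirm on Linux that a UEFI revocation has actually landed is to parse the Secure Boot forbidden-signature database (dbx) and look for a given image hash. The Python below is an added example, not code from the article, ESET, or any vendor; the function names are hypothetical and the digests are constructed placeholders, not the real revocation entries for CVE-2024-7344.

```python
import hashlib
import struct
import uuid

# Standard identifiers from the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
DBX_PATH = "/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"


def dbx_sha256_entries(blob, efivarfs=True):
    """Return the set of SHA-256 digests (hex) listed in a dbx blob."""
    data = blob[4:] if efivarfs else blob  # efivarfs prepends 4 attribute bytes
    hashes, off = set(), 0
    while off + 28 <= len(data):
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 or off + list_size > len(data):
            raise ValueError("truncated or corrupt EFI_SIGNATURE_LIST")
        if sig_type == EFI_CERT_SHA256_GUID and sig_size == 48:
            pos, end = off + 28 + hdr_size, off + list_size
            while pos + sig_size <= end:
                # Each entry: 16-byte owner GUID followed by the 32-byte digest.
                hashes.add(data[pos + 16:pos + sig_size].hex())
                pos += sig_size
        off += list_size  # other list types (e.g. X.509) are skipped
    return hashes


def is_revoked(authenticode_sha256_hex, blob, efivarfs=True):
    # dbx lists Authenticode (PE image) hashes, not plain file SHA-256 sums.
    return authenticode_sha256_hex.lower() in dbx_sha256_entries(blob, efivarfs)


def build_sample_dbx(digests):
    """Constructed sample: one SHA-256 signature list in efivarfs layout."""
    owner = uuid.UUID(int=0).bytes_le  # placeholder owner GUID
    body = b"".join(owner + bytes.fromhex(d) for d in digests)
    header = EFI_CERT_SHA256_GUID.bytes_le + struct.pack("<III", 28 + len(body), 0, 48)
    return struct.pack("<I", 0x27) + header + body


# Placeholder digests, NOT real revocation entries for CVE-2024-7344.
REVOKED = hashlib.sha256(b"constructed-revoked-binary").hexdigest()
UNLISTED = hashlib.sha256(b"constructed-other-binary").hexdigest()
SAMPLE = build_sample_dbx([REVOKED])

if __name__ == "__main__":
    print("revoked:", is_revoked(REVOKED, SAMPLE))
    print("unlisted:", is_revoked(UNLISTED, SAMPLE))
    # On a live Linux host: is_revoked(h, open(DBX_PATH, "rb").read())
```

The hash to look up should come from the vendor's or Microsoft's published revocation data for the affected binaries.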
source: https://www.extremetech.com/internet/security-researchers-find-uefi-secure-boot-bypass-vulnerability


