Microsoft's Secure Boot has been broken for a decade and no one noticed
7 hours ago
- #Firmware Exploit
- #UEFI Secure Boot
- #Security Vulnerability
- Microsoft's Secure Boot protection, designed to prevent firmware infections on Windows and Linux devices, has been easily bypassed for most of its existence due to unrevoked, vulnerable shim images.
- ESET researchers discovered 11 old firmware images, or shims, dating back to at least 2013, that remain signed by Microsoft despite known vulnerabilities, allowing attackers to circumvent UEFI Secure Boot.
- Attackers can use these shims to install malicious firmware (bootkits) that persist through OS reinstallation or hard drive replacement, affecting both Windows and Linux users.
- Secure Boot was introduced in 2012 to counter bootkits, but its bypass has been simple, requiring only an old, trusted shim binary and basic UEFI knowledge, undermining this critical security feature.
- Many Linux users disable Secure Boot due to its ineffectiveness on most hardware, citing requirements like proper UEFI defaults and a fully local, auditable chain of trust that are rarely met on consumer-grade devices.