Summary: A newly discovered UEFI Secure Boot bypass vulnerability, tracked as CVE-2024-7344, affects Microsoft-signed applications and can be exploited to deploy bootkits even with Secure Boot enabled. The vulnerability arises from a custom PE loader in certain UEFI applications that allows the loading of unsigned binaries, posing a significant security risk. Attackers can manipulate the vulnerable applications to execute malicious code before the operating system loads, making detection challenging.
Threat Actor: Unknown
Victim: Multiple third-party software developers
Key points:
- The vulnerability allows bootkits to be deployed even with Secure Boot protection active.
- It affects UEFI applications used for system recovery, disk maintenance, or backups.
- Microsoft has released a patch and revoked certificates for the vulnerable applications to mitigate the issue.
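To confirm that the revocation mentioned above has reached a given machine, a defender can parse the Secure Boot forbidden-signature database (dbx) and look for the digest of the vulnerable application. The following is an added example, not code from the original page or from Microsoft; it assumes the revocation is delivered as SHA-256 entries in dbx, and the digests and owner GUID are constructed placeholders, not real indicators.

```python
import hashlib
import struct
import uuid

# Signature-type GUIDs defined by the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

def parse_signature_lists(blob):
    """Yield (type_guid, owner_guid, data) for each entry in a dbx blob."""
    off = 0
    while off < len(blob):
        if len(blob) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        body, end = off + 28 + hdr_size, off + list_size
        if (list_size < 28 + hdr_size or end > len(blob)
                or sig_size <= 16 or (end - body) % sig_size):
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % off)
        for pos in range(body, end, sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            yield sig_type, owner, blob[pos + 16:pos + sig_size]
        off = end

def revoked_sha256(blob):
    """Return the set of SHA-256 digests revoked by this dbx blob."""
    return {data for sig_type, _, data in parse_signature_lists(blob)
            if sig_type == EFI_CERT_SHA256_GUID and len(data) == 32}

def is_revoked(blob, authenticode_sha256_hex):
    # dbx hash entries are Authenticode digests of the PE image,
    # not the SHA-256 of the whole file.
    return bytes.fromhex(authenticode_sha256_hex) in revoked_sha256(blob)

def build_list(sig_type, owner, entries):
    """Serialise one EFI_SIGNATURE_LIST; used only to build sample data."""
    body = b"".join(owner.bytes_le + e for e in entries)
    sizes = struct.pack("<III", 28 + len(body), 0, 16 + len(entries[0]))
    return sig_type.bytes_le + sizes + body

# Constructed sample data: placeholder owner, digests and certificate bytes.
OWNER = uuid.UUID(int=1)
PLACEHOLDER_VULN = hashlib.sha256(b"placeholder vulnerable loader").digest()
OTHER = hashlib.sha256(b"unrelated revoked binary").digest()
CERT_LIST = build_list(EFI_CERT_X509_GUID, OWNER, [b"constructed-not-a-real-cert"])
PATCHED_DBX = CERT_LIST + build_list(EFI_CERT_SHA256_GUID, OWNER, [OTHER, PLACEHOLDER_VULN])
STALE_DBX = CERT_LIST + build_list(EFI_CERT_SHA256_GUID, OWNER, [OTHER])

if __name__ == "__main__":
    for name, dbx in (("patched", PATCHED_DBX), ("stale", STALE_DBX)):
        print(name, "revoked" if is_revoked(dbx, PLACEHOLDER_VULN.hex()) else "NOT revoked")
```

On Linux the live variable is exposed as `/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f`; its first four bytes are the variable attributes and must be skipped before parsing.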