Skip to content
Ars Technica·

🔒Microsoft Revokes 11 Vulnerable Firmware Shims

Old firmware shims can be exploited to bypass Secure Boot

TL;DR

Researchers found 11 old firmware shims that could allow attackers to bypass Secure Boot. Microsoft revoked them in June's patch release; Linux users need to check their distributors for updates.

Microsoft has revoked 11 vulnerable firmware shims, which were discovered by ESET researchers and could be exploited to completely circumvent Secure Boot protections on Windows and Linux devices. These shims, some dating back to 2013, can be used by attackers with brief physical access to install malicious firmware that persists even after OS reinstall or hard drive replacement. Developers running systems affected by these shims should update immediately to avoid potential security breaches. Microsoft revoked the shims in June's patch release; Linux users need to check their distributors for updates.

Microsoft Revokes 11 Vulnerable Firmware Shims — Ars Technica

Key Points

1

ESET researchers discovered 11 vulnerable firmware shims dating back to 2013.

2

These shims can allow attackers to bypass Secure Boot protections with physical access.

3

Microsoft revoked the shims in its June patch release, addressing a critical security flaw.

4

Linux users should check their distributors for updates or use uefi-dbx-audit script.

5

The vulnerability affects both Windows and Linux devices running affected firmware.

Why It Matters

If you're managing systems with outdated firmware shims, this update is crucial. The vulnerability could allow attackers to install persistent malicious firmware on your devices, compromising security even after OS reinstall or hard drive replacement. Developers should ensure their systems are up-to-date to avoid potential breaches.

microsoftsecure-bootfirmware-vulnerabilityeaset-researcherspatch-release

Frequently Asked Questions

Why does this matter?

If you're managing systems with outdated firmware shims, this update is crucial. The vulnerability could allow attackers to install persistent malicious firmware on your devices, compromising security even after OS reinstall or hard drive replacement. Developers should ensure their systems are up-to-date to avoid potential breaches.

What happened?

Researchers found 11 old firmware shims that could allow attackers to bypass Secure Boot. Microsoft revoked them in June's patch release; Linux users need to check their distributors for updates.

Comments

Subscribe to join the conversation...

Be the first to comment

Enjoyed this article?

Get it daily. 7am. Free. Reads in 5 minutes.

Join 2,074 builders reading daily.

Also get