A worrying Windows Secure Boot flaw lets hackers install malware: this is what we know and whether you should update
- Binarly found a flaw in a legitimate utility that is trusted by most modern systems using UEFI firmware
- Through the flaw, threat actors could install bootkit malware
- Microsoft patched it in the June 2025 cumulative update
Microsoft has fixed a Secure Boot vulnerability that threat actors could use to disable security protections and install bootkit malware on most PCs.
Security researchers at Binarly recently discovered a legitimate BIOS update tool signed with Microsoft's UEFI CA 2011 certificate. This root certificate, used in the Secure Boot process of the Unified Extensible Firmware Interface (UEFI), plays a central role in verifying the authenticity and integrity of bootloaders, operating systems and other low-level software before a system starts.
According to the researchers, the utility is trusted by most modern systems that use UEFI firmware, but the problem stems from the fact that it reads a user-writable NVRAM variable without proper validation, so an attacker with administrator access to the operating system can modify the variable and write arbitrary data to memory locations of their choosing.
Binarly was able to use this vulnerability to disable Secure Boot and run arbitrary unsigned UEFI modules. In other words, they could disable security features and install bootkit malware that cannot be removed even if the hard disk is replaced.
The vulnerable module has been circulating in the wild since 2022 and was uploaded to VirusTotal in 2024, before it was reported to Microsoft at the end of February 2025.
Microsoft recently released the June edition of Patch Tuesday, the cumulative update that addresses various recently discovered vulnerabilities, including the arbitrary write vulnerability in Microsoft-signed UEFI firmware, which is now tracked as CVE-2025-3052. It received a severity score of 8.2/10 (high).
The company also determined that the vulnerability affected a total of 14 modules, all of which are now being fixed.
“During the triage process, Microsoft determined that the issue affected not just a single module, as initially believed, but actually 14 different modules,” Binarly said. “For this reason, the updated DBX released with the Patch Tuesday of 10 June 2025 contains 14 new hashes.”
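Since the fix is delivered as new DBX (forbidden signature database) entries rather than a code change, the practical check for an administrator is whether the revocation hashes are actually present in the machine's dbx variable. The following is an added example, not Binarly's or Microsoft's code: it parses a dbx blob (on Windows, dumped with `Get-SecureBootUEFI -Name dbx -OutputFilePath dbx.bin`) into its SHA-256 entries and reports which hashes from a vendor's published list are still missing; the sample blob, owner GUID and digests are constructed placeholders, not the 14 hashes Microsoft shipped.

```python
import hashlib
import struct
import uuid

# SignatureType GUIDs from the UEFI spec (EFI_CERT_SHA256_GUID, EFI_CERT_X509_GUID).
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

def parse_dbx(blob: bytes) -> list[str]:
    """Return the SHA-256 entries of a dbx variable as lowercase hex.
    dbx is a run of EFI_SIGNATURE_LIST records: SignatureType GUID (16 bytes),
    SignatureListSize / SignatureHeaderSize / SignatureSize (UINT32 each),
    SignatureHeader, then EFI_SIGNATURE_DATA[] = SignatureOwner GUID + data.
    Lists of other types (e.g. revoked x509 certificates) are skipped intact."""
    hashes, offset = [], 0
    while offset < len(blob):
        if len(blob) - offset < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[offset:offset + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, offset + 16)
        body, end = offset + 28 + hdr_size, offset + list_size
        if list_size < 28 or end > len(blob) or body > end:
            raise ValueError("SignatureListSize/SignatureHeaderSize out of bounds")
        if sig_type == EFI_CERT_SHA256_GUID:
            if sig_size != 16 + 32 or (end - body) % sig_size:
                raise ValueError("malformed SHA-256 signature list")
            for pos in range(body, end, sig_size):
                hashes.append(blob[pos + 16:pos + 48].hex())  # skip SignatureOwner
        offset = end
    return hashes

def missing_revocations(dbx: bytes, published_hex: list[str]) -> list[str]:
    """Hashes from a vendor's published revocation list not yet present in dbx."""
    present = set(parse_dbx(dbx))
    return [h for h in published_hex if h.lower() not in present]

def build_list(sig_type: uuid.UUID, owner: uuid.UUID, entries: list[bytes]) -> bytes:
    """Serialise one EFI_SIGNATURE_LIST; used here only to construct sample input."""
    data = b"".join(owner.bytes_le + e for e in entries)
    sig_size = 16 + len(entries[0])
    return sig_type.bytes_le + struct.pack("<III", 28 + len(data), 0, sig_size) + data

# Constructed sample dbx: one x509 list (skipped) followed by two SHA-256 entries.
# Owner GUID and digests are placeholders, not the hashes Microsoft actually shipped.
OWNER = uuid.UUID("00000000-1111-2222-3333-444444444444")
SAMPLE_DIGESTS = [hashlib.sha256(b"constructed module %d" % i).digest() for i in (1, 2)]
SAMPLE_DBX = (build_list(EFI_CERT_X509_GUID, OWNER, [b"\x30\x82 constructed DER stand-in"])
              + build_list(EFI_CERT_SHA256_GUID, OWNER, SAMPLE_DIGESTS))
```

An empty result from `missing_revocations` against the vendor's list means the revocation has landed; a non-empty one means the DBX update has not yet been applied to that firmware.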