11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot

Summary

Researchers have identified 11 outdated, Microsoft-signed UEFI applications that can be exploited to bypass Secure Boot on modern systems. This vulnerability allows attackers to execute untrusted code during the boot process, potentially enabling the deployment of UEFI bootkits or other malware.

IFF Assessment

FOE

This vulnerability allows attackers to bypass a critical security control (Secure Boot), enabling them to install persistent malware.

Severity

8.8 High (AI Estimated)

This score reflects a high attack vector (local access required to abuse the signed shim, but can lead to system compromise), high attack complexity (requires finding and exploiting a specific vulnerable shim), and high impact (Complete system integrity and confidentiality loss, allowing for persistent malware installation).

Defender Context

This discovery highlights a significant risk to systems relying on Secure Boot for integrity. Defenders should be aware of this potential bypass and monitor for any indicators of compromise related to UEFI bootkits or unauthorized code execution during the boot process. Organizations may need to investigate which signed shims are present on their systems and consider mitigations beyond relying solely on Secure Boot.

Read Full Story →