Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    SK Hynix South Korean shares jump 11% as Asia tech stocks rally

    July 15, 2026

    Suffolk MP Patrick Spencer was ‘bit of a pest’, trial hears

    July 15, 2026

    Wednesday’s big stock stories: What’s likely to move the market in the next trading session

    July 15, 2026
    Facebook X (Twitter) Instagram
    Addison Markets
    • Home
    • USA
    • Europe
    • Business
    • Investing
    • Tech
    • Politics
    • Contact Us
    Addison Markets
    Home»Tech»Microsoft’s Secure Boot has been broken for a decade and no one noticed until now
    Tech

    Microsoft’s Secure Boot has been broken for a decade and no one noticed until now

    franperez66q@protonmail.comBy franperez66q@protonmail.comJuly 15, 2026No Comments2 Mins Read
    Facebook Twitter Pinterest Telegram LinkedIn Tumblr WhatsApp Email
    Share
    Facebook Twitter LinkedIn Pinterest Telegram Email



    Further complicating the process, even the expiration of the Microsoft certificate that signed the shims, which took place late last month, isn’t enough to revoke the ones ESET identified.

    A rogue’s gallery of defective shims

    The shims identified by ESET authorize secondary components that are known to be vulnerable to various exploits. The Oracle shim, for instance, signs a binary vulnerable to CVE-2015-5381. Smolár said the skill required to exploit the vulnerability is low. Other vulnerable shims fail to support protections, such as MOK deny-list enforcement and SBAT enforcement, both of which came into effect after the affected shim was released. Still other identified shims contain vulnerabilities in their own code.

    In the interest of brevity, many additional details included in Tuesday’s report are omitted from this article.

    An unsettling prospect

    As noted, these vulnerable shims can be used against Windows and Linux machines alike, although likely not Windows 11 Secured-core PCs in their default state. Any Windows user who has installed Microsoft’s June update batch is no longer vulnerable. Linux users should check the Linux Vendor Firmware Service or consult their distributor. Revocation statuses are available using the uefi-dbx-audit script.

    The prospect that attackers have had the means to bypass Secure Boot for more than a decade through what amounts to hack-by-numbers scripts isn’t much of an endorsement of the mechanism proposed by Microsoft in partnership with hardware makers. As mentioned earlier, a key contributor to this debacle is its complexity.

    “This is a solid rebuke of the entire secure boot model,” HD Moore, a firmware security expert, CEO and founder of runZero, and a long-time critic of Secure Boot, said in an interview. His complaints include Microsoft being the de facto root of trust for the entire UEFI platform, the inability of the protection to scale sufficiently, and the ability for components to boot even after top-level certificates expire.

    “The end result is a huge number of unknown (to everyone but Microsoft) signed things that bypass Secure Boot—some of which can then be used to boot other things—and both have normal security bugs and other mistakes that mean they can be used to boot nearly anything,” Moore added. “The whole ecosystem is somewhat broken and needs a reboot.”



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    franperez66q@protonmail.com
    • Website

    Related Posts

    SK Hynix South Korean shares jump 11% as Asia tech stocks rally

    July 15, 2026

    Jim Cramer says IBM’s 25% plunge isn’t enough to make the stock a buy

    July 14, 2026

    Lawsuit claims Meta’s layoff decisions were made by AI, not humans

    July 14, 2026

    Meta lawsuit: Employees allege discrimination in AI-assisted layoffs

    July 14, 2026

    US military sent explosive drone boats into combat for the first time

    July 14, 2026

    New York becomes first U.S. state to impose AI data center ban

    July 14, 2026
    Leave A Reply Cancel Reply

    Top Reviews
    Editors Picks

    SK Hynix South Korean shares jump 11% as Asia tech stocks rally

    July 15, 2026

    Suffolk MP Patrick Spencer was ‘bit of a pest’, trial hears

    July 15, 2026

    Wednesday’s big stock stories: What’s likely to move the market in the next trading session

    July 15, 2026

    Exclusive-AI cloud company CoreWeave explores Wall Street playbook to hedge memory-chip price risk

    July 15, 2026
    © 2026 All right reserved
    • Privacy Policy
    • Terms & Conditions

    Type above and press Enter to search. Press Esc to cancel.