Microsoft Secure Boot Vulnerable for 13 Years, Researchers Find
A flaw in Microsoft's Secure Boot technology, designed to prevent firmware infections, has been exploitable for 13 years without detection. Researchers discovered exploitable code signed by Microsoft itself remaining active.

A significant vulnerability in Microsoft's Secure Boot system, intended to protect devices from malicious firmware, has reportedly been present and exploitable for 13 of its 14 years of existence. Security firm ESET discovered that certain firmware images, known as shims, which extend Secure Boot to Linux and utility software, were signed by Microsoft but contained known defects.
These shims, some dating back to at least 2013, were never revoked by Microsoft despite known vulnerabilities. Researchers found that novice hackers could use these outdated shims to bypass the protection embedded in the UEFI firmware of motherboards. This bypass allows for the installation of malicious firmware that loads early in the boot process.
The exploit poses a threat to both Windows and Linux users, as the compromised shim can be installed on systems running either operating system. Once installed, an attacker can circumvent the digitally signed firmware chain. This persistence means the malicious firmware can remain on a device even after the operating system is reinstalled or the hard drive is replaced.
Microsoft oversees the signing process for these shims. The failure to revoke the vulnerable images allowed the exploit to remain undetected for over a decade. The security implications are considerable, potentially allowing deep-seated malware to compromise systems undetected.