Microsoft finally patches serious UEFI Secure Boot flaw after seven-month delay

Key Takeaway: Microsoft has finally addressed a critical security vulnerability in Windows 11 that could have exposed users to malware attacks for over six months. The fact that this loophole went unpatched for so long is concerning, underscoring the importance of promptly applying updates to protect against potential threats.

The vulnerability, identified as CVE-2024-7344, allowed cybercriminals to inject malicious code into devices, circumventing Windows 11’s security measures. By exploiting a flaw in certain third-party firmware utilities related to UEFI boot processes, attackers could gain elevated system privileges and conceal their malware effectively. This type of firmware-based attack poses a significant challenge in terms of detection.

The root of the issue lies in how some legitimate system utilities use Microsoft-approved digital certificates. Despite Microsoft’s stringent review process for third-party firmware apps involved in the Secure Boot phase, a security researcher at ESET discovered that several vendors were using a vulnerable signed firmware component named “reloader.efi.”

Because they relied on a custom executable loader, these utilities unintentionally bypassed Microsoft’s security checks, enabling the execution of any firmware code, including unsigned binaries that should have been blocked by Secure Boot protections. This loophole allowed sophisticated attackers to embed malware within legitimate utilities.

The affected vendors, including Howyar Technologies, Greenware, Radix, Sanfong, WASAY, CES, and SignalComputer, have released updates to rectify the issue. Microsoft has also invalidated the digital certificates associated with the compromised firmware versions to prevent further exploitation by hackers.

There is no evidence of active exploitation by cybercriminals, but the prolonged existence of this vulnerability since ESET initially alerted Microsoft in July 2024 is disconcerting. Windows 11 users should promptly install the latest patches, particularly those released on January 14th as part of Patch Tuesday, to safeguard their systems against potential threats.
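For defenders who want to inventory the component the article names, the following added example (not code from the article, ESET or Microsoft) walks a mounted EFI System Partition for files named reloader.efi and reports each file's SHA-256 and whether it carries an embedded Authenticode signature. The mount path is an assumption supplied by the caller, and matching on the file name is only a heuristic: it cannot tell a fixed vendor build from a vulnerable one.

```python
import hashlib
import os
import struct
import sys

TARGET_NAME = "reloader.efi"  # component name reported in the article


def has_signature(data: bytes) -> bool:
    """True if the PE certificate table (data directory 4) is non-empty."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    opt = pe_off + 24  # skip 4-byte "PE\0\0" and 20-byte COFF header
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < opt + 2:
        return False
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:    # PE32
        dirs = opt + 96
    elif magic == 0x20B:  # PE32+ (typical for x64 UEFI applications)
        dirs = opt + 112
    else:
        return False
    if len(data) < dirs + 5 * 8:
        return False
    (count,) = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes
    if count < 5:
        return False
    _offset, size = struct.unpack_from("<II", data, dirs + 4 * 8)
    return size > 0


def find_reloader(root: str) -> list:
    """Walk root (assumed: a mounted ESP) and describe every reloader.efi."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != TARGET_NAME:  # FAT file names are case-insensitive
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            hits.append({"path": path,
                         "sha256": hashlib.sha256(data).hexdigest(),
                         "signed": has_signature(data)})
    return hits


if __name__ == "__main__":
    for hit in find_reloader(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

Any hit should be compared against the affected vendor's fixed release before drawing a conclusion about the machine.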
