|
|
Пишет Slashdot (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_slashdot)@ 2025-01-16 18:10:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
Microsoft Patches Windows To Eliminate Secure Boot Bypass Threat
Microsoft has patched a Windows vulnerability that allowed attackers to bypass Secure Boot, a critical defense against firmware infections, the company said. The flaw, tracked as CVE-2024-7344, affected Windows devices for at least seven months. Security researcher Martin Smolar discovered the vulnerability in a signed UEFI application within system recovery software from seven vendors, including Howyar. The application, reloader.efi, circumvented standard security checks through a custom PE loader. Administrative attackers could exploit the vulnerability to install malicious firmware that persists even after disk reformatting. Microsoft revoked the application's digital signature, though the vulnerability's impact on Linux systems remains unclear.
Microsoft has patched a Windows vulnerability that allowed attackers to bypass Secure Boot, a critical defense against firmware infections, the company said. The flaw, tracked as CVE-2024-7344, affected Windows devices for at least seven months. Security researcher Martin Smolar discovered the vulnerability in a signed UEFI application within system recovery software from seven vendors, including Howyar. The application, reloader.efi, circumvented standard security checks through a custom PE loader. Administrative attackers could exploit the vulnerability to install malicious firmware that persists even after disk reformatting. Microsoft revoked the application's digital signature, though the vulnerability's impact on Linux systems remains unclear.
Read more of this story at Slashdot.
