Critical UEFI Flaw Bypasses Secure Boot, Exposing Systems to Bootkit Attacks

UEFI Secure Boot Vulnerability Discovered and Patched

A significant security flaw (CVE-2024-7344) has been identified in Unified Extensible Firmware Interface (UEFI) systems, potentially compromising the Secure Boot mechanism. The vulnerability, discovered by ESET researchers, affects multiple system recovery software suites and carries a CVSS score of 6.7.

The affected software products include:
– Howyar SysReturn
– Greenware GreenGuard
– Radix SmartRecovery
– Sanfong EZ-back System
– WASAY eRecoveryRX
– CES NeoImpact
– SignalComputer HDD King

The vulnerability stems from these applications using a custom PE loader instead of standard UEFI security functions. This flaw allows unauthorized code execution during system boot, bypassing Secure Boot protections regardless of the installed operating system.

Impact and Risks:
– Execution of unsigned code during the boot process
– Potential deployment of malicious UEFI bootkits
– Persistence through system reboots and OS reinstallation
– Possible evasion of security measures including EDR systems

Mitigation Steps:
– Microsoft revoked the vulnerable binaries in the January 2025 Patch Tuesday update
– Affected vendors have released updated versions
– Implementation of TPM-based remote attestation
– Proper management of EFI system partition access
– Secure Boot customization
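
To confirm that a revocation like the one in the first mitigation step has reached a machine, the Secure Boot forbidden-signature database (dbx) can be parsed and searched for a binary's hash. The following is an added example, not code from the article, ESET or Microsoft; it assumes a Linux host exposing dbx through efivarfs, and the target hash is a placeholder because the article does not list the revoked hashes.

```python
import struct
import uuid

# EFI_CERT_SHA256_GUID (UEFI spec): entries of this type are SHA-256 image hashes.
EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# Linux efivarfs path of the dbx variable (EFI_IMAGE_SECURITY_DATABASE_GUID).
DBX_PATH = "/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"

def dbx_sha256_hashes(blob):
    """Return the set of SHA-256 digests (hex) in a chain of EFI_SIGNATURE_LISTs."""
    hashes, off = set(), 0
    while off + 28 <= len(blob):
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        # Reject truncated or malformed lists instead of reading past the end.
        if list_size < 28 or off + list_size > len(blob) or sig_size <= 16:
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {off}")
        pos, end = off + 28 + hdr_size, off + list_size
        while pos + sig_size <= end:
            # Each EFI_SIGNATURE_DATA is a 16-byte owner GUID followed by the data.
            if sig_type == EFI_CERT_SHA256 and sig_size == 48:
                hashes.add(blob[pos + 16:pos + 48].hex())
            pos += sig_size  # other types (e.g. X.509 certificates) are skipped
        off += list_size
    return hashes

def is_revoked(blob, authenticode_sha256_hex):
    """True if the Authenticode SHA-256 of an EFI binary is listed in dbx."""
    return authenticode_sha256_hex.lower() in dbx_sha256_hashes(blob)

def read_dbx(path=DBX_PATH):
    """Read dbx from efivarfs, dropping the 4-byte attributes prefix."""
    with open(path, "rb") as f:
        return f.read()[4:]

def build_sample_dbx(digests):
    """Constructed test input: one SHA-256 signature list holding the digests."""
    owner = uuid.UUID(int=0).bytes_le  # constructed owner GUID
    body = b"".join(owner + d for d in digests)
    return EFI_CERT_SHA256.bytes_le + struct.pack("<III", 28 + len(body), 0, 48) + body

if __name__ == "__main__":
    # Placeholder: substitute the hash published in the vendor advisory.
    target = "00" * 32
    print("revoked" if is_revoked(read_dbx(), target) else "NOT in dbx")
```

dbx entries for PE images are Authenticode hashes, so the value to look up is the one published in an advisory, not the output of `sha256sum` on the file.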

ESET researcher Martin Smolár emphasizes that while this vulnerability was addressed relatively quickly, it highlights ongoing concerns about the security practices of third-party UEFI software vendors and the potential existence of similar vulnerable bootloaders.
