
A significant security flaw (CVE-2024-7344) has been identified in Unified Extensible Firmware Interface (UEFI) systems, potentially compromising the Secure Boot mechanism. The vulnerability, discovered by ESET researchers, affects multiple system recovery software suites and carries a CVSS score of 6.7.
The affected software products include:
– Howyar SysReturn
– Greenware GreenGuard
– Radix SmartRecovery
– Sanfong EZ-back System
– WASAY eRecoveryRX
– CES NeoImpact
– SignalComputer HDD King
The vulnerability stems from these applications using a custom PE loader instead of standard UEFI security functions. This flaw allows unauthorized code execution during system boot, bypassing Secure Boot protections regardless of the installed operating system.
Impact and Risks:
– Execution of unsigned code during boot process
– Potential deployment of malicious UEFI bootkits
– Persistence through system reboots and OS reinstallation
– Possible evasion of security measures including EDR systems
Mitigation Steps:
– Microsoft revoked the vulnerable binaries in the January 2025 Patch Tuesday update
– Affected vendors have released updated versions
– Implementation of TPM-based remote attestation
– Proper management of EFI system partition access
– Secure Boot customization
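One way to check the revocation step above, as an added example that is not code from ESET, Microsoft or the affected vendors: a parser for the Secure Boot dbx variable that tests whether a given Authenticode SHA-256 hash is listed. The sample digests are constructed placeholders (the page lists no hashes), make_list is a hypothetical helper for building that sample, and the efivarfs path assumes a Linux host.

```python
import hashlib
import os
import struct
import uuid

# Signature-type GUIDs from the UEFI specification
EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509 = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# dbx as exposed by Linux efivarfs (EFI_IMAGE_SECURITY_DATABASE_GUID)
DBX_PATH = "/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"

def dbx_sha256_hashes(blob):
    """Return every SHA-256 digest (hex) in a chain of EFI_SIGNATURE_LISTs."""
    hashes, off = set(), 0
    while off < len(blob):
        if off + 28 > len(blob):
            raise ValueError(f"truncated list header at offset {off}")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])  # GUIDs are mixed-endian
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(blob):
            raise ValueError(f"corrupt EFI_SIGNATURE_LIST at offset {off}")
        if sig_type == EFI_CERT_SHA256 and sig_size == 48:
            pos, end = off + 28 + hdr_size, off + list_size
            while pos + sig_size <= end:
                # entry = 16-byte SignatureOwner GUID + 32-byte digest
                hashes.add(blob[pos + 16:pos + 48].hex())
                pos += sig_size
        off += list_size  # other list types (e.g. X.509) are skipped whole
    return hashes

def is_revoked(authenticode_sha256_hex, blob):
    """dbx holds Authenticode (PE image) hashes, not the sha256sum of the file."""
    return authenticode_sha256_hex.lower() in dbx_sha256_hashes(blob)

def make_list(sig_type, entries, owner=uuid.UUID(int=0)):
    """Build one EFI_SIGNATURE_LIST; used only for the constructed sample."""
    sig_size = 16 + len(entries[0])
    body = b"".join(owner.bytes_le + e for e in entries)
    return sig_type.bytes_le + struct.pack("<III", 28 + len(body), 0, sig_size) + body

# Constructed sample data: placeholder digests, not real revocation entries.
REVOKED = hashlib.sha256(b"constructed revoked loader").digest()
OTHER = hashlib.sha256(b"constructed unrelated entry").digest()
SAMPLE_DBX = make_list(EFI_CERT_X509, [b"\x30" * 100]) + make_list(EFI_CERT_SHA256, [OTHER, REVOKED])

if __name__ == "__main__":
    # On a UEFI Linux host read the live variable; efivarfs prepends 4 attribute bytes.
    blob = open(DBX_PATH, "rb").read()[4:] if os.path.exists(DBX_PATH) else SAMPLE_DBX
    print(len(dbx_sha256_hashes(blob)), "SHA-256 entries in dbx")
```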
ESET researcher Martin Smolár emphasizes that while this vulnerability was addressed relatively quickly, it highlights ongoing concerns about the security practices of third-party UEFI software vendors and the potential existence of similar vulnerable bootloaders.