Microsoft Patches Windows To Eliminate Secure Boot Bypass Threat

Microsoft has patched a Windows vulnerability that allowed attackers to bypass Secure Boot, a critical defense against firmware infections, the company said. The flaw, tracked as CVE-2024-7344, affected Windows devices for at least seven months. Security researcher Martin Smolar discovered the vulnerability in a signed UEFI application within system recovery software from seven vendors, including Howyar.

The application, reloader.efi, circumvented standard security checks through a custom PE loader. Administrative attackers could exploit the vulnerability to install malicious firmware that persists even after disk reformatting. Microsoft revoked the application's digital signature, though the vulnerability's impact on Linux systems remains unclear.

“Secure Boot” yeah right

[Gavino]

The term “secure” in “secure boot” should probably also be revoked. This kind of stuff gives me zero confidence in what Microsoft have essentially forced on the industry. It seems to be about as secure as 64-bit WEP. I.e. not very.

Re:“Secure Boot” yeah right

[Anonymous Coward]

The ONLY thing secure boot secures is Microsoft another revenue stream. Nothing is proven about anything other than someone paid M$ to sign some code.

It is literally just cartel behavior.

Re:

[Anonymous Coward]

Secure Boot is NOT MS specific.

Re:

[Rockoon]

Requiring it IS

But why be fucking honest when defending Microsoft, right?

Re:“Secure Boot” yeah right

[93 Escort Wagon]

Yeah, in all seriousness - I'm kind of flabbergasted by this. The fact that it's even possible for a Windows-based exploit to bypass "Secure Boot" tells us that Secure Boot is more or less a scam.

Re:

[Ol Olsoc]

Yeah, in all seriousness - I'm kind of flabbergasted by this. The fact that it's even possible for a Windows-based exploit to bypass "Secure Boot" tells us that Secure Boot is more or less a scam.

It's not a bug - it's a feature. How else are the bad guys going to get the access they need?

Re:

[PsychoSlashDot]

Yeah, in all seriousness - I'm kind of flabbergasted by this. The fact that it's even possible for a Windows-based exploit to bypass "Secure Boot" tells us that Secure Boot is more or less a scam.

To be fair, I don't think it's SecureBoot's job to make your OS secure; it's the OS's job.

I haven't read about this in ages, but I think the idea is that your OS leverages SecureBoot to confirm that its bootloader hasn't been modifed. A flaw in the OS, at the line where it says "if SecureBoot.reportsissue = $true then shut back down" is what I think is going on, and is not indicative that SecureBoot is a scam. It's indicative that programmers continue to get even ultra-critical stuff wrong from time to

Re:

[93 Escort Wagon]

My basic point (or opinion, if you prefer) is - if something at the OS layer has this level of access to Secure Boot, then we're back to "your computer is only as secure as your OS". Secure Boot can't and shouldn't be considered a trustworthy gatekeeper for any bootloader if it's not immune to bad behavior from the running OS.

The relationship between Secure Boot and any OS should have been designed to flow in one direction only.

Re:

[Ed Tice]

If anybody had read TFA before posting, they would see that what happened was that malware was somehow introduced into a custom firmware that Microsoft signed. This would seem to affect only those who are using non-vendor UEFI. What Microsoft did was revoke the signature of the flawed implementations. This has nothing to do with Microsoft or Secure Boot. I'm curious if those who so quickly and effusively blamed Microsoft are going to be as enthusiastic in their retractions or if they will double down.

Re:

[flatulus]

Thank you - well said and saved me the trouble. It wasn't a hard article to read, for people who can (read) :-)

Re:

[kmoser]

"Secure" in this context is just a marketing term, not an actual description of the product.

The example

[Ol Olsoc]

Of why Windows is inherently not secure. If the Standard OS, the largest installed User base, the utter need for users to work on anything other than Office 365....

Whose very claimed Secure boot is not at all secure.

It is difficult to have much sympathy for it's users who still use it after Secure boot is not secure. Such a weak system means that either the users and companies that continues to use windows are either brain dead, or do not care about security at all.

Enjoy getting Pwned,

Re:The example

[93 Escort Wagon]

Yeah, I've been (historically) jumping through all the extra hoops to keep Secure Boot enabled on our Linux servers and (especially) student workstations, taking the extra steps to get GPU drivers working with it, etc. etc. Now I'm wondering why I've bothered.

It seems to me that, at least on those machines where other people have physical access (and can log in), this exploit tells me Secure Boot isn't really making them any more secure.

If someone wants to argue the other way, I'll certainly be interested to listen.

Re:

[Ol Olsoc]

Yeah, I've been (historically) jumping through all the extra hoops to keep Secure Boot enabled on our Linux servers and (especially) student workstations, taking the extra steps to get GPU drivers working with it, etc. etc. Now I'm wondering why I've bothered.

It seems to me that, at least on those machines where other people have physical access (and can log in), this exploit tells me Secure Boot isn't really making them any more secure.

If someone wants to argue the other way, I'll certainly be interested to listen.

And just imagine the other surprises Windows will serve us with. Some vulnerabilities can happen, sure. But this is pretty egregious.

Re:

[Ed Tice]

Did you read TFA or even TFS? Yeah, if you install third-party UEFI with vulnerabilities, SecureBoot can be compromised. You know, maybe don't do that. And set a UEFI password so that others can't easily install third-party UEFI. Or did you not even read before posting? Not that you're the only one. But apparently people don't read or understand before moderating either. SMH

Re:

[PsychoSlashDot]

Of why Windows is inherently not secure. If the Standard OS, the largest installed User base, the utter need for users to work on anything other than Office 365....

Whose very claimed Secure boot is not at all secure.

It is difficult to have much sympathy for it's users who still use it after Secure boot is not secure. Such a weak system means that either the users and companies that continues to use windows are either brain dead, or do not care about security at all.

Enjoy getting Pwned,

I mean - devil's advocate here - not having the ability to leverage the feature doesn't make an OS more secure.

That doesn't excuse Microsoft here at all. This code should've been vetted and checked so many times there's no statistical possibility of vulnerability. The foundation must be reliable before you build walls atop it.

When secure code goes rogue

[xack]

Sure you get a trusted flag with secure boot, but when the trusted code betrays you or gets backdoored you're screwed. Revoking the key only closes the barn door afterwards. Same with all DRM and notarized code.

proves once again.

[Virtucon]

If MS had just integrated SystemD this would have never happened. We all know SystemD can detect and remove malware, bloatware, and any fungus among us.

Re:

[93 Escort Wagon]

I'm sure WindowsD is somewhere in the planning pipeline!

Re:

[organgtool]

At this rate, the SystemD project will probably implement it in several years. The boot process will be:

systemd loads Linux kernel -> systemd starts systemd-init -> systemd-init loads Windows kernel -> user cries

Secure Boot?

[SoonerPet]

You mean some people leave this enabled? It’s literally the first thing I disable on all systems so I can actually install an OS properly.