Old shims break Secure Boot’s trust for a decade

Researchers found 11 legacy UEFI shims, some dating back to 2013, that Microsoft failed to revoke, enabling a bypass of Secure Boot on Windows and Linux by simply using the still-trusted shim binaries. These shims can authorize subsequent bootloaders and load malicious firmware that persists after OS reinstalls, with revocation hampered by the DB/DBX system and newer SBAT/SVN mechanisms, all within tight size limits. Microsoft revoked the affected shims in June after the alert, but the case highlights the fragility and complexity of Secure Boot’s trust model. Linux users should verify status via vendor/ distributor tools (e.g., uefi-dbx-audit), and Windows users should note that the June patch has mitigations for many systems while the broader lesson remains that Secure Boot requires ongoing scrutiny.
- Microsoft’s Secure Boot has been broken for a decade and no one noticed until now Ars Technica
- Forgotten UEFI shims undermining Secure Boot WeLiveSecurity
- 11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot The Hacker News
- Old Microsoft-signed UEFI applications can bypass Secure Boot SC Media
- ESET Research discovers vulnerable UEFI shims undermining devices’ Secure Boot The Manila Times
Reading Insights
1
1
8 min
vs 9 min read
93%
1,675 → 123 words
Want the full story? Read the original article
Read on Ars Technica