
Old Microsoft-Signed UEFI Shims Pose Secure Boot Bypass Risk
Security researchers warn that 11 older, Microsoft-signed UEFI shim bootloaders remain trusted and can be exploited to bypass Secure Boot during boot, enabling bootkits and persistence even on patched systems. The attack leverages legacy certificates (Microsoft UEFI CA 2011), MOK allowlists and SBAT revocation gaps to load vulnerable binaries before the OS initializes. CVEs CVE-2026-8863 and CVE-2026-10797 are involved; Microsoft revoked affected shims in June 2026, but risk persists if these components are not explicitly revoked by hash, creating a long-term supply-chain exposure across multiple vendors (e.g., Red Hat, SUSE, Oracle Linux).
