Tag: UEFI

All articles tagged with #uefi

Microsoft rolls out new Secure Boot keys as 2011 certificates near expiry
technology · 2 days ago

Microsoft is replacing its 2011 Secure Boot certificates with new UEFI CA 2023 keys via Windows Update as expiry approaches. Most Windows 11 devices manufactured since 2024 are already updated, while older devices can check compatibility in Windows Security and may require OEM firmware updates. Devices that haven’t updated will still function but lack newer boot-time protections against bootkits and firmware threats, and legacy BIOS-only systems cannot receive the update.

Countdown to Secure Boot: What If You Miss the June 2026 Certificate Update on Windows 11
technology · 4 days ago

Microsoft explains that the original Secure Boot certificates (2011) expire in June 2026 and will be replaced by 2023 certificates through a phased CFR/LCU rollout. Legacy BIOS devices won’t be updated, and Secure Boot must be enabled; the process may involve several reboots and resealing BitLocker keys. If you ignore the deadline, Windows will boot but security will be degraded because boot-critical updates and DBX revocation lists won’t be applied, potentially blocking future OS upgrades that rely on the 2023 chain. Enterprises should test deployments, monitor Secure Boot status in Windows Security, and plan PXE/boot-manager changes accordingly. Servers require manual intervention, and the 2023 certs are projected to last until 2038 with further shifts toward post-quantum certificates later on.

Major Motherboard Flaw Exposes Early-Boot Security Risks and Cheating Vulnerabilities
security · 5 months ago

A new UEFI firmware vulnerability affects motherboards from ASRock, ASUS, GIGABYTE, and MSI, allowing early-boot DMA attacks due to a failure to properly enable IOMMU protections during startup. This flaw could let attackers access or modify system memory before the OS loads, emphasizing the importance of applying firmware updates to mitigate the risk.

Urgent: Secure Boot Vulnerability Allows Bootkit Malware Installation
technology · 11 months ago

Security researchers have uncovered a critical flaw (CVE-2025-3052) in Secure Boot that affects nearly all systems trusting Microsoft's UEFI CA 2011 certificate, allowing attackers with admin rights to disable Secure Boot and install bootkit malware. Microsoft has addressed the issue by revoking affected modules and releasing security updates, but users are urged to patch immediately to prevent exploitation.

Bootkitty: First UEFI Bootkit Malware Targets Linux Systems
cybersecurity · 1 year ago

A new exploit, dubbed LogoFAIL, allows attackers to bypass Secure Boot protections on certain Linux machines by injecting malicious code into a bitmap image during the boot process. This code installs a cryptographic key that tricks the UEFI into treating a backdoored GRUB and Linux kernel as trusted, effectively creating a bootkit. The exploit targets devices with Insyde UEFI firmware, affecting models from Acer, HP, Fujitsu, and Lenovo. Insyde has released a patch, but unpatched devices remain vulnerable.

"Bootkitty": First UEFI Bootkit Threatens Linux Systems
cybersecurity · 1 year ago

Security researchers at ESET have discovered Bootkitty, the first known UEFI bootkit targeting Linux systems, uploaded to VirusTotal. While currently limited to Ubuntu and lacking full functionality, Bootkitty represents a potential shift in UEFI threats, previously exclusive to Windows. This development underscores the need for vigilance against future Linux-targeted bootkits, which can persist undetected by infecting firmware before the operating system loads.

Bootkitty: Unveiling the First UEFI Bootkit Threat to Linux Systems
cybersecurity · 1 year ago

Researchers have discovered "Bootkitty," the first UEFI bootkit targeting Linux systems, developed by a group named BlackCat. Although currently a proof-of-concept with no real-world attacks reported, Bootkitty disables kernel signature verification and preloads unknown binaries during system startup. It bypasses UEFI Secure Boot by hooking authentication protocols and patching GRUB boot loader functions. The bootkit also includes a kernel module with rootkit capabilities, but no link to the ALPHV/BlackCat ransomware group has been found. This development highlights the expanding threat landscape beyond Windows systems.

Bootkitty: Unveiling the First UEFI Bootkit Threat to Linux
cybersecurity · 1 year ago

ESET researchers have discovered Bootkitty, the first UEFI bootkit targeting Linux systems, specifically some Ubuntu versions. This bootkit, likely a proof of concept, aims to disable kernel signature verification and preload unknown ELF binaries during the Linux init process. Bootkitty is signed with a self-signed certificate, making it ineffective on systems with UEFI Secure Boot unless the attacker's certificates are installed. The discovery highlights the expanding threat landscape of UEFI bootkits beyond Windows systems. Researchers emphasize the importance of keeping UEFI Secure Boot enabled and systems updated to mitigate such threats.

Major UEFI Vulnerability Hits Hundreds of Intel-Powered PCs
technology · 1 year ago

A vulnerability in Phoenix SecureCore UEFI firmware, affecting numerous Intel CPUs, has been discovered by Eclypsium. Dubbed 'UEFICANHAZBUFFEROVERFLOW,' the buffer overflow bug in the TPM configuration could allow code execution on affected devices. Lenovo has started releasing firmware updates to address the issue, which impacts hundreds of models from major manufacturers like Lenovo, Dell, Acer, and HP.

"Unlocking Resizable BAR Support for Nvidia Turing GPUs: A Risky Free Mod"
technology · 2 years ago

The unofficial NVStrapsReBar UEFI driver enables Resizable BAR (ReBAR) support on older NVIDIA GeForce RTX 20 and GTX 16 "Turing" GPUs, allowing the CPU to access the entire GPU memory space through the PCIe interconnect for potential performance gains. Enabling ReBAR on Turing GPUs requires flashing a new UEFI image on the motherboard, and while the technology can increase performance, it may not benefit all games.

"Urgent Fix Needed: Critical Bootloader Vulnerability Threatens Linux Distros"
technology · 2 years ago

A critical vulnerability in the Shim Linux bootloader, CVE-2023-40547, allows attackers to execute code and take control of a system before the kernel loads, bypassing security mechanisms. The flaw, discovered by Microsoft's security researcher Bill Demirkapi, resides in Shim's parsing of HTTP responses, enabling an out-of-bounds write. Linux distributions using Shim, such as Red Hat, Debian, Ubuntu, and SUSE, have released advisories and patches. Users are advised to update to Shim v15.8, which contains a fix for CVE-2023-40547, and update the UEFI Secure Boot DBX to include the vulnerable Shim software's hashes and sign the patched version with a valid Microsoft key.

"UEFI Vulnerabilities Pose Widespread Threat to Computer Security"
firmware-security-vulnerability · 2 years ago

Multiple security vulnerabilities dubbed PixieFail have been disclosed in the TCP/IP network protocol stack of the open-source reference implementation of the UEFI specification, impacting UEFI firmware from major vendors. These flaws could lead to remote code execution, denial-of-service attacks, DNS cache poisoning, and data leakage. The vulnerabilities, identified by Quarkslab, are present in the TianoCore EFI Development Kit II (EDK II) and could be exploited by attackers within the local network or remotely, depending on the firmware build and default PXE boot configuration.

"Critical UEFI Vulnerabilities Shake Firmware Development Ecosystem"
cybersecurity · 2 years ago

Firmware from five leading UEFI suppliers has been found to contain vulnerabilities, collectively dubbed PixieFail, that allow attackers with network access to infect connected devices with malware at the firmware level. The vulnerabilities, residing in functions related to IPv6 in the TianoCore EDK II implementation, can be exploited through the PXE mechanism used in data centers. Attackers can plant UEFI-controlled backdoors in servers without needing physical access, posing a significant threat to data centers and cloud environments.

Widespread Vulnerability: LogoFAIL Exploit Threatens Windows and Linux Devices
cybersecurity · 2 years ago

Researchers have discovered a series of vulnerabilities, known as LogoFAIL, in the Unified Extensible Firmware Interfaces (UEFIs) of Windows and Linux devices. These vulnerabilities allow for the undetectable installation of malicious code during the boot process by replacing legitimate logo images with specially crafted ones. The vulnerabilities affect UEFI suppliers, device manufacturers, and CPU makers. Once arbitrary code execution is achieved, attackers have full control over the device's memory and disk, including the operating system. The best defense against LogoFAIL attacks is to install UEFI security updates and configure multiple layers of defenses, such as Secure Boot and Intel Boot Guard.