- ESET esea che s discove ed 11 old, Mic osoft-sig ed, UEFI applicatio s that allow bypassi g UEFI Secu e Boot o the majo ity of UEFI-based systems.
- A attacke exploiti g o e of these vul e able applicatio s ca execute u t usted code du i g system boot, e abli g deployme t of malicious UEFI bootkits o othe malwa e.
- Exploitatio is ot limited to systems with the affected softwa e o Ope atio system (OS) i stalled, as attacke s ca b i g thei ow copy of the vul e able bi a ies to a y UEFI system with the Mic osoft thi d-pa ty UEFI ce tificate e olled.
- All UEFI systems with Mic osoft thi d-pa ty UEFI sig i g e abled a e affected (Wi dows 11 Secu ed-co e PCs a e expected to have this optio disabled by default).
- The vul e able bi a ies we e evoked by Mic osoft.
BRATISLAVA, Slovakia, July 14, 2026 (GLOBE NEWSWIRE) — ESET esea che s discove ed 11 vul e able UEFI shim bootloade s sig ed by Mic osoft that allow attacke s to bypass UEFI Secu e Boot by exploiti g decade-old vul e abilities. UEFI shim bootloade s a e ti y bits of code desig ed to b idge the gap betwee mothe boa d UEFI fi mwa e a d a ope ati g system. The vul e able shims, at ve sio s 0.9 a d below, ca be used to bypass UEFI Secu e Boot o a y UEFI-based machi e that t usts the Mic osoft Co po atio UEFI CA 2011 thi d-pa ty UEFI ce tificate autho ity (CA) ce tificate, ega dless of the i stalled ope ati g system. Repo ted shims ca be exploited to execute u t usted code du i g system boot, e abli g attacke s to deploy malicious UEFI bootkits eve o systems with UEFI Secu e Boot e abled. ESET epo ted fi di gs to CERT/CC; the vul e able UEFI applicatio s we e the evoked.
The discove ed shims come f om va ious tools o softwa e packages, i cludi g PC-diag ostic softwa e, Li ux dist ibutio s, a d othe UEFI-based utilities. Impo ta tly, exploitatio is ot limited to systems with the affected softwa e o OS i stalled, as attacke s ca b i g thei ow copy of the vul e able shims to a y UEFI system with the Mic osoft thi d-pa ty UEFI ce tificate e olled.
“What makes these old shims da ge ous is ot a ovel vul e ability; it’s that o ew vul e ability is eeded to bypass UEFI Secu e Boot. A attacke eeds o complicated exploitatio p imitives — o ly a copy of a old, still-t usted but u evoked shim bi a y a d a basic u de sta di g of how UEFI shims wo k. That is e ough to bypass such a esse tial secu ity featu e as UEFI Secu e Boot,” says ESET esea che Ma ti Smolá , who discove ed the vul e able shims.
“To help eade s u de sta d the impact that such vul e able shims ca have o UEFI Secu e Boot-p otected systems, the epo t exami es a few specific issues i the epo ted shims — issues that a e easily exploitable a d that highlight the b eadth of the attack su face they expose,” adds Smolá .
Ove the yea s, the UEFI shim bootloade has atu ally evolved, with ew imp oveme ts a d secu ity featu es i t oduced i successive eleases of the upst eam UEFI shim eposito y. At the same time, ma y thi d-pa ty ve do s have take available ve sio s of the shim sou ce code to build thei ow bi a ies, which they subseque tly submitted to Mic osoft fo sig i g. This behavio is expected a d alig s with the o igi al desig of shims. Howeve , i sufficie t atte tio has bee give to evoki g outdated Mic osoft-sig ed shims, ma y of which ca , by desig , be leve aged to bypass ewe secu ity mecha isms.
These vul e able shims ca be blocked by applyi g the latest UEFI evocatio s f om Mic osoft. Wi dows systems should be updated automatically. Fo Li ux systems, updates should be available th ough the Li ux Ve do Fi mwa e Se vice. Fo mo e ge e al ecomme datio s ega di g how to p otect agai st (o at least detect) exploitatio of u k ow vul e able sig ed UEFI bootloade s a d deployme t of UEFI bootkits, see the ESET Resea ch blog post “U de the cloak of UEFI Secu e Boot: I t oduci g CVE-2024-7344.”
Fo mo e details about the vul e able UEFI shims, check out the ESET Resea ch blog post “Fo gotte UEFI shims u de mi i g Secu e Boot,” o WeLiveSecu ity.com. Make su e to follow ESET Resea ch o Twitte (today k ow as X), BlueSky, a d Mastodo fo the latest ews f om ESET Resea ch.
ESET® p ovides cutti g-edge cybe secu ity to p eve t attacks befo e they happe . By combi i g the powe of AI a d huma expe tise, ESET stays ahead of eme gi g global cybe th eats, both k ow a d u k ow — secu i g busi esses, c itical i f ast uctu e, a d i dividuals. Whethe it’s e dpoi t, cloud, o mobile p otectio , ou AI- ative, cloud-fi st solutio s a d se vices emai highly effective a d easy to use. ESET tech ology i cludes obust detectio a d espo se, ult a-secu e e c yptio , a d multifacto authe ticatio . With 24/7 eal-time defe se a d st o g local suppo t, we keep use s safe a d busi esses u i g without i te uptio . The eve -evolvi g digital la dscape dema ds a p og essive app oach to secu ity: ESET is committed to wo ld-class esea ch a d powe ful th eat i tellige ce, backed by R&D ce te s a d a st o g global pa t e etwo k. Fo mo e i fo matio , visit www.eset.com o follow ou social media, podcasts, a d blogs.





 