"Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders"

Three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders have been found to contain a security feature bypass vulnerability that enables circumvention of the UEFI Secure Boot feature. According to a report from hardware security firm Eclypsium, the flaws can be exploited by mounting the EFI System Partition and replacing the existing bootloader with the vulnerable one, or by changing a UEFI variable to load the vulnerable loader instead of the existing one. The Eurosoft Boot Loader, New Horizon Data Systems Inc Boot Loader, and Crypto Pro Boot Loader, all signed and authenticated by Microsoft, were found vulnerable to the bypass and were patched as part of the tech giant's Patch Tuesday update.

Secure Boot is a security standard that prevents malicious programs from loading when a computer boots and ensures that only software trusted by the Original Equipment Manufacturer (OEM) is launched. According to Microsoft's documentation, the firmware boot loaders boot the UEFI environment and hand over control to UEFI applications written by the SoC vendor, Microsoft, and OEMs. The UEFI environment starts the Windows Boot Manager, which decides whether to boot into Full Flash Update (FFU) image flashing, device reset mode, update OS, or the main OS.

Successful exploitation of the flaws reported by Eclypsium could allow an adversary to bypass security guardrails at startup and execute arbitrary unsigned code during the boot process. This can have additional ramifications: a malicious actor could gain entrenched access and establish persistence on a host in a way that withstands operating system reinstalls and hard drive replacements, and that completely evades detection by security software. Exploiting these vulnerabilities requires an attacker to have administrator privileges, but obtaining them through local privilege escalation is not considered impossible, because Microsoft does not consider User Account Control (UAC) bypass to be a security risk.

This article continues to discuss findings regarding the UEFI Secure Boot bypass.

THN reports "Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders"

Submitted by Anonymous on