New UEFI vulnerability bypasses Secure Boot — bootkits stay undetected even after OS re-install


A new UEFI vulnerability has been discovered in multiple system recovery tools. Bleeping Computer reports that it lets attackers bypass Secure Boot and deploy bootkits that stay invisible to the operating system and survive an OS reinstall. Microsoft tracks the vulnerability as CVE-2024-7344 (Howyar Taiwan Secure Boot Bypass).

The culprit is reportedly a custom PE loader that will load any UEFI binary, signed or not. It can do so because it does not go through the firmware's trusted LoadImage and StartImage services, which is where Secure Boot's signature check is enforced. The loader ships with the following products; versions earlier than those listed are affected:

  • Howyar SysReturn before version 10.2.023_20240919
  • Greenware GreenGuard before version 10.2.023-20240927
  • Radix SmartRecovery before version 11.2.023-20240927
  • Sanfong EZ-back System before version 10.3.024-20241127
  • WASAY eRecoveryRX before version 8.4.022-20241127
  • CES NeoImpact before version 10.1.024-20241127
  • SignalComputer HDD King before version 10.3.021-20241127
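The flaw above comes down to which loader path a binary takes: the firmware's LoadImage/StartImage services verify an image against the Secure Boot databases, whereas a custom PE loader that maps sections itself performs no such check. A first defensive triage step is to inventory the EFI System Partition for images that carry no Authenticode signature at all, since Secure Boot could never have admitted them through the normal path. The Python script below is an added example, not code from the article, ESET, Microsoft or any of the listed vendors. It parses the PE optional header, reads the Security data directory (index 4) and checks for a WIN_CERTIFICATE table of type PKCS_SIGNED_DATA; the `build_sample_efi_image` helper constructs a minimal PE32+ image purely for demonstration, and `demo` writes two such samples to a temporary directory and scans them. The file-name and directory values are assumptions for the demo.

```python
import struct
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Optional

WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002   # Authenticode PKCS#7 SignedData
IMAGE_DIRECTORY_ENTRY_SECURITY = 4        # data directory slot holding the certificate table


@dataclass
class PeSignatureInfo:
    machine: int
    pe32_plus: bool
    cert_offset: int      # file offset of the WIN_CERTIFICATE table (0 if absent)
    cert_size: int        # size of that table in bytes (0 if absent)
    cert_type: Optional[int]

    @property
    def signed(self) -> bool:
        # "signed" here means a signature blob is embedded; it says nothing
        # about whether that signature chains to a certificate in the Secure Boot db.
        return self.cert_size > 0 and self.cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA


def parse_pe_signature(data: bytes) -> PeSignatureInfo:
    """Locate the Authenticode certificate table in a PE/COFF image (PE32 or PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = e_lfanew + 4
    machine, _nsec, _ts, _psym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x20B:          # PE32+ (64-bit): data directories start at offset 112
        pe32_plus, nrva_off, dd_off = True, 108, 112
    elif magic == 0x10B:        # PE32 (32-bit): data directories start at offset 96
        pe32_plus, nrva_off, dd_off = False, 92, 96
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (num_rva,) = struct.unpack_from("<I", data, opt + nrva_off)
    needed = dd_off + 8 * (IMAGE_DIRECTORY_ENTRY_SECURITY + 1)
    if num_rva <= IMAGE_DIRECTORY_ENTRY_SECURITY or opt_size < needed:
        return PeSignatureInfo(machine, pe32_plus, 0, 0, None)
    # Unlike other directories, the Security entry holds a raw file offset, not an RVA.
    sec_off, sec_size = struct.unpack_from("<II", data, opt + dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    cert_type = None
    if sec_size >= 8 and sec_off + sec_size <= len(data):
        _dw_length, _revision, cert_type = struct.unpack_from("<IHH", data, sec_off)
    return PeSignatureInfo(machine, pe32_plus, sec_off, sec_size, cert_type)


def build_sample_efi_image(signed: bool) -> bytes:
    """Constructed sample: a minimal x64 PE32+ header (subsystem = EFI application),
    optionally followed by a WIN_CERTIFICATE table. Not bootable; headers only."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 240                                   # full PE32+ optional header, 16 directories
    headers_len = e_lfanew + 4 + 20 + opt_size       # certificate table is appended after headers
    cert_blob = b""
    if signed:
        pkcs7 = b"\x30\x03\x02\x01\x00"              # placeholder DER bytes, not a real signature
        cert_blob = struct.pack("<IHH", 8 + len(pkcs7), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + pkcs7
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, opt_size, 0x0022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)            # Magic: PE32+
    struct.pack_into("<H", opt, 68, 10)              # Subsystem: EFI_APPLICATION
    struct.pack_into("<I", opt, 108, 16)             # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, headers_len, len(cert_blob))
    return dos + b"PE\0\0" + coff + bytes(opt) + cert_blob


def scan_for_unsigned_images(root: Path) -> list:
    """Return every *.efi under root that has no embedded Authenticode signature
    (or cannot be parsed as PE at all, which also deserves a look)."""
    flagged = []
    for path in sorted(root.rglob("*.efi")):
        try:
            if not parse_pe_signature(path.read_bytes()).signed:
                flagged.append(path)
        except (ValueError, struct.error, OSError):
            flagged.append(path)
    return flagged


def demo() -> list:
    """Write one signed and one unsigned constructed sample and report which is flagged."""
    with tempfile.TemporaryDirectory() as tmp:
        esp = Path(tmp, "EFI", "demo")                 # assumed layout, stands in for a mounted ESP
        esp.mkdir(parents=True)
        (esp / "signed_loader.efi").write_bytes(build_sample_efi_image(True))
        (esp / "unsigned_payload.efi").write_bytes(build_sample_efi_image(False))
        return [p.name for p in scan_for_unsigned_images(Path(tmp))]


if __name__ == "__main__":
    print("unsigned or unparsable:", demo())
```

On a real system, point `scan_for_unsigned_images` at a mounted EFI System Partition. A hit means only that the image carries no signature blob; a clean result does not mean every image is trustworthy, because signature validity and revocation (the db/dbx check that LoadImage performs and this script does not) still decide whether the firmware would have accepted it.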

The good news is that Microsoft and ESET have already taken measures to protect users from this vulnerability. ESET reportedly contacted the affected vendors so they could fix the issue, and Microsoft revoked the certificates of the affected vulnerable software in the most recent Windows update, which went live this week on Patch Tuesday.

If you run any of the software applications above, make sure you have installed the latest Windows update and update the affected software to the fixed versions listed, which close this UEFI vulnerability.

Aaron Klotz
Contributing Writer

Aaron Klotz is a contributing writer for Tom's Hardware, covering news related to computer hardware such as CPUs and graphics cards.