ESET Research Discovers UEFI Secure Boot Bypass Vulnerability – Press Releases

The following text comes from a press release and in no way reflects the opinion of the editorial staff.

January 17, 2025 — ESET researchers have discovered a vulnerability that affects the majority of UEFI-based systems and allows attackers to bypass UEFI Secure Boot. The vulnerability, tracked as CVE-2024-7344, was found in a UEFI application signed by Microsoft’s third-party UEFI certificate “Microsoft Corporation UEFI CA 2011”. Exploiting it leads to untrusted code execution at system startup, allowing attackers to easily deploy malicious UEFI bootkits (such as Bootkitty or BlackLotus) even on systems with UEFI Secure Boot enabled, regardless of the installed operating system.
In June 2024, ESET reported the findings to the Computer Emergency Response Team (CERT) Coordination Center, which contacted affected vendors. The issue has been fixed in affected products and the old vulnerable binaries have been removed by Microsoft in the Patch Tuesday update on January 14, 2025.
This UEFI application is part of several real-time system recovery software suites developed by Howyar Technologies Inc., Greenware Technologies, Radix Technologies Ltd., SANFONG Inc., Wasay Software Technology Inc., Computer Education System Inc. and Signal Computer GmbH.

“The UEFI vulnerabilities discovered in recent years and the failures to patch or remove vulnerable binaries within a reasonable time frame show that a feature as essential as UEFI Secure Boot should not be considered an insurmountable barrier,” says Martin Smolár, the ESET researcher who discovered the vulnerability. “What worries us most about this vulnerability is not the time it took to patch and revoke the binary – pretty good compared to similar cases – but the fact that it is not the first time such a dangerous UEFI binary has been discovered. This raises questions about how commonly these dangerous techniques are used among third-party UEFI software vendors, and how many other similar, obscure but signed bootloaders exist.”

Exploitation of this vulnerability is not limited to systems with the affected recovery software installed. Attackers can add their own copy of the vulnerable, Microsoft-signed binary to any UEFI system that trusts Microsoft’s third-party UEFI certificate. Deploying the vulnerable and malicious files to the EFI system partition does require elevated privileges (local administrator on Windows; root on Linux). The vulnerability results from the application using a custom PE loader instead of the standard, secure UEFI LoadImage and StartImage functions, so the code it loads is never subjected to Secure Boot’s signature checks. All UEFI systems with Microsoft third-party UEFI signing enabled are affected (Windows 11 Secured-core PCs should have this option disabled by default).

The vulnerability can be mitigated by applying the latest updates to Microsoft’s UEFI revocation lists. Windows systems should receive the update automatically. Microsoft’s advisory regarding CVE-2024-7344 is available here. For Linux systems, updates should be available through the Linux Vendor Firmware Service (LVFS).
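The revocation list the press release refers to is the UEFI forbidden-signature database (DBX), a chain of EFI_SIGNATURE_LIST structures in which a revoked binary appears as the SHA-256 hash of its Authenticode image. A defender who wants to confirm that the January 2025 revocation actually reached a machine therefore needs to parse that blob and look for the hash of the vulnerable binary. The script below is an added example written for this article; it is not ESET’s or Microsoft’s code. It parses DBX entries according to the UEFI specification layout and checks whether a given hash is present. The hash shown is a constructed placeholder, not the real hash of the vulnerable application, which must be taken from Microsoft’s advisory; the signature-owner GUID in the sample is likewise constructed.

```python
import struct
import uuid

# SignatureType GUIDs from the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")  # SHA-256 image hash
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")    # DER X.509 certificate

# EFI_SIGNATURE_LIST header: SignatureType (16) + SignatureListSize, SignatureHeaderSize,
# SignatureSize (3 x UINT32) = 28 bytes. Each entry is SignatureOwner GUID (16) + SignatureData.
SIGLIST_HEADER_LEN = 28


def parse_signature_lists(blob: bytes):
    """Yield (signature_type, owner, data) for every entry in a chain of EFI_SIGNATURE_LISTs."""
    off = 0
    while off < len(blob):
        if len(blob) - off < SIGLIST_HEADER_LEN:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < SIGLIST_HEADER_LEN or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize")
        if sig_size < 16:
            raise ValueError("bad SignatureSize")
        body = blob[off + SIGLIST_HEADER_LEN + hdr_size: off + list_size]
        if len(body) % sig_size:
            raise ValueError("signature data is not a multiple of SignatureSize")
        for i in range(0, len(body), sig_size):
            owner = uuid.UUID(bytes_le=body[i:i + 16])
            yield sig_type, owner, body[i + 16:i + sig_size]
        off += list_size


def revoked_hashes(dbx: bytes) -> set:
    """Return the set of revoked SHA-256 image hashes (hex) found in a DBX blob."""
    return {data.hex() for t, _, data in parse_signature_lists(dbx) if t == EFI_CERT_SHA256_GUID}


def is_revoked(dbx: bytes, pe_sha256_hex: str) -> bool:
    """True if the Authenticode SHA-256 hash of a binary is listed in the DBX."""
    return pe_sha256_hex.lower() in revoked_hashes(dbx)


def read_dbx_from_efivars(path="/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f") -> bytes:
    """Read the DBX on Linux; efivars prefixes the variable with 4 bytes of attributes, which are stripped."""
    with open(path, "rb") as f:
        return f.read()[4:]


def build_signature_list(sig_type: uuid.UUID, owner: uuid.UUID, entries) -> bytes:
    """Build one EFI_SIGNATURE_LIST (used here only to construct sample data)."""
    entries = list(entries)
    sig_size = 16 + len(entries[0])
    body = b"".join(owner.bytes_le + e for e in entries)
    return sig_type.bytes_le + struct.pack("<III", SIGLIST_HEADER_LEN + len(body), 0, sig_size) + body


# Constructed sample data: a placeholder owner GUID and placeholder hashes standing in for
# the real revocation entries (take the real hash from Microsoft's advisory).
SAMPLE_OWNER = uuid.UUID("00000000-0000-0000-0000-000000000001")
PLACEHOLDER_VULN_HASH = "11" * 32
OTHER_PLACEHOLDER_HASH = "22" * 32
PLACEHOLDER_CERT = b"\x30\x82\x01\x00" + b"\xaa" * 20  # not a real certificate

SAMPLE_DBX = (
    build_signature_list(EFI_CERT_SHA256_GUID, SAMPLE_OWNER,
                         [bytes.fromhex(PLACEHOLDER_VULN_HASH), bytes.fromhex(OTHER_PLACEHOLDER_HASH)])
    + build_signature_list(EFI_CERT_X509_GUID, SAMPLE_OWNER, [PLACEHOLDER_CERT])
)

if __name__ == "__main__":
    print("entries in sample DBX:", len(list(parse_signature_lists(SAMPLE_DBX))))
    print("placeholder hash revoked:", is_revoked(SAMPLE_DBX, PLACEHOLDER_VULN_HASH))
```

On a live Linux system, replace `SAMPLE_DBX` with `read_dbx_from_efivars()`; on Windows the same bytes are returned by the PowerShell cmdlet `(Get-SecureBootUEFI -Name dbx).Bytes` and can be fed to `is_revoked` unchanged. A result of `False` for the hash published in the advisory means the revocation has not been applied and the machine still trusts the vulnerable loader.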

For a more detailed technical analysis of the UEFI vulnerability, see ESET Research’s latest blog “Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344” at www.WeLiveSecurity.com. For the latest news, also follow ESET Research on

ABOUT ESET ESET® provides industry-leading security to prevent attacks before they happen. With the power of AI and human expertise, ESET stays ahead of known and emerging threats, securing mobile devices as well; its AI-powered and cloud-focused solutions and services are effective and easy to use. ESET technology includes robust detection and response, ultra-secure encryption and multi-factor authentication. With 24/7 real-time defense and strong local support, ESET keeps users and businesses secure without interruption. An ever-changing digital landscape demands a progressive approach to security: ESET has world-class research and powerful threat intelligence, supported by R&D centers as well as a global network of partners. More information: www.eset.com or LinkedIn, Facebook, X and https://www.eset.com/be-fr/.
