A shocking revelation has emerged from the cybersecurity world: Microsoft's Secure Boot protection, designed to safeguard Windows and Linux devices from firmware infections, has been trivially easy to bypass for 13 of its 14 years of existence. Security researchers at ESET discovered this critical vulnerability after identifying 11 defective firmware images—some dating back to 2013—that Microsoft failed to revoke despite known vulnerabilities.

These problematic components, known as shims, were originally created to extend Secure Boot protection to Linux devices and utility software. The oversight stems from Microsoft's failure to revoke publicly available shim images after vulnerabilities were discovered. What makes this particularly alarming is that exploiting these outdated shims requires no sophisticated hacking skills—merely a copy of an old, still-trusted shim binary and basic knowledge of how UEFI shims function.
The threat affects both Windows and Linux users equally. Attackers with brief physical access to a device can install malicious firmware that loads early in the boot process and persists even after reinstalling the operating system or replacing the hard drive. This type of malware, known as bootkits, has been deployed by state-sponsored hackers and cybercriminals in attacks like LoJax, BlackLotus, and MoonBounce.
The identified shims were used by various Linux distributors including Redhat, OpenSuse, and Oracle, as well as third-party software providers. Many were built before modern protections like SBAT (Secure Boot Advanced Targeting) existed, whilst others contain accumulated bugs in their code or authorise vulnerable secondary binaries. Microsoft finally revoked these problematic shims in June, but only after ESET brought them to the company's attention—over a decade late in some cases.
The root cause appears to be the overwhelming complexity of Secure Boot's architecture. The system relies on multiple databases, version-based revocation mechanisms, and embedded policies that must work in concert. With the dbx database limited to just 32kb of space, Microsoft implemented alternative revocation methods that have proven difficult to manage effectively. Even the expiration of Microsoft's certificate last month wasn't sufficient to revoke the vulnerable shims.
Firmware security experts have described this as "a solid rebuke of the entire secure boot model," pointing to fundamental issues including Microsoft's de facto control as the root of trust for the entire UEFI platform and the system's inability to scale properly. Windows users who installed Microsoft's June updates are now protected, whilst Linux users should consult their distributors or check the Linux Vendor Firmware Service for revocation status.
Fuente Original: https://arstechnica.com/security/2026/07/microsoft-secure-boot-has-been-broken-for-most-of-its-existence/
Artículos relacionados de LaRebelión:
- Groks XAI Storage Git Repositories Exposed
- GhostLock Flaw 15-Year Linux Vulnerability Exposed
- Bad Epoll Flaw Grants Root Access on Linux
- AI Stocks Top Picks for a Decade of Growth
- 7000 AI Frameworks Under Attack Critical Vulnerabilities Exposed
Artículo generado mediante LaRebelionBOT












