Feeds2.Feedburner
Old UEFI Shims Allow Bypass of Secure Boot on Affected Systems
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
ESET researchers discovered 11 outdated UEFI shim bootloaders, all at version 0.9 or below, that can bypass UEFI Secure Boot protections on any UEFI-based machine trusting Microsoft's third-party certificate authority. These shims can execute untrusted code during system boot, enabling the deployment of malicious UEFI bootkits. The vulnerabilities were reported to CERT/CC in February 2026, and Microsoft revoked the affected shims on June 9, 2026, assigning CVE-2026-8863 and CVE-2026-10797 for tracking. Exploitation is not limited to specific operating systems, as attackers can introduce their own vulnerable shims to any compatible UEFI system. This situation highlights the risks posed by long-trusted but outdated software components in the boot process.
Key Points: • 11 vulnerable UEFI shim bootloaders can bypass Secure Boot protections. • Attackers can exploit these shims to execute untrusted code on any UEFI system. • Microsoft revoked the affected shims on June 9, 2026, following a report from ESET.