Feeds2.Feedburner
Old UEFI Shims Exploit Bypass of Secure Boot Security
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
ESET researchers have discovered 11 outdated UEFI shim bootloaders, all version 0.9 or below, that can bypass UEFI Secure Boot protections on systems trusting Microsoft's 2011 certificate. These vulnerabilities allow attackers to execute untrusted code during the boot process, enabling the deployment of UEFI bootkits like Bootkitty and BlackLotus. The shims were reported to CERT/CC in February 2026 and were revoked by Microsoft on June 9, 2026, under CVE-2026-8863 and CVE-2026-10797. The attack method relies on the 'bring your own vulnerable driver' technique, allowing exploitation regardless of the installed operating system. The vulnerabilities stem from outdated second-stage bootloaders, primarily GRUB 2, which contain known flaws. This situation affects various Linux distributions and software from major vendors, posing a significant risk to systems that have not updated their firmware. The lack of visibility into older shims complicates remediation efforts.
Key Points: • Eleven outdated UEFI shims can bypass Secure Boot on systems trusting Microsoft's certificate. • Attackers can exploit these shims to run untrusted code and deploy bootkits. • Microsoft revoked the vulnerable shims on June 9, 2026, following a report from ESET.