Security News Microsoft finally patches serious UEFI Secure Boot flaw after seven-month delay

[Gandalf_The_Grey]

Content source

https://www.techspot.com/news/106411-microsoft-finally-patches-serious-uefi-secure-boot-flaw.html

Microsoft has addressed a significant security vulnerability that left Windows 11 open to malware attacks at one of the system's most critical levels for more than half a year. It's concerning – though perhaps not surprising – that Microsoft knowingly left this loophole unpatched for such a long period. Users are strongly advised to apply the update immediately.

The vulnerability (CVE-2024-7344) allowed bad actors to sneak malicious code onto devices in a way that could bypass many of Windows 11's built-in security defenses. It exploited a flaw in how certain third-party firmware utilities handled secure UEFI boot processes, giving attackers elevated system privileges and allowing their malicious payloads to hide in plain sight. Those types of firmware-based attacks are among the most difficult to detect.

Microsoft has pushed out an update to resolve CVE-2024-7344, so Windows 10 and 11 users should ensure they have all the latest patches installed – specifically from the January 14th Patch Tuesday release.

Security Update Guide - Microsoft Security Response Center

msrc.microsoft.com

Microsoft finally patches serious UEFI Secure Boot flaw after seven-month delay

The vulnerability (CVE-2024-7344) allowed bad actors to sneak malicious code onto devices in a way that could bypass many of Windows 11's built-in security defenses. It exploited...

www.techspot.com

 

[Vitali Ortzi]

This might be interesting