Microsoft has recently addressed a critical vulnerability in its Secure Boot feature, identified as CVE-2025-3052, which could have allowed attackers to install persistent bootkit malware on most PCs. This flaw, discovered by security researchers at Binarly, involved a legitimate BIOS update utility signed with Microsoft's UEFI CA 2011 certificate. The utility, trusted on most modern systems utilizing UEFI firmware, was found to read a user-writable NVRAM variable without proper validation. This oversight meant that an attacker with administrative access could modify the variable and write arbitrary data to memory locations during the UEFI boot process, effectively disabling Secure Boot and permitting the execution of unsigned UEFI modules.
The vulnerable utility had been circulating since 2022 and was uploaded to VirusTotal in 2024 before the flaw was reported to Microsoft in late February 2025. Upon investigation, Microsoft determined that the issue affected 14 different modules, not just the initially identified one. Consequently, the updated dbx (the Secure Boot forbidden-signatures database) released on Patch Tuesday, June 10, 2025, contains 14 new hashes to revoke all affected modules.
This incident underscores the critical importance of Secure Boot in maintaining system integrity. Secure Boot is designed to ensure that only trusted, signed operating system and firmware files can execute during the system's startup process. By verifying the authenticity and integrity of bootloaders, operating systems, and other low-level software before a system boots, Secure Boot prevents unauthorized code from altering the OS even before it loads. A compromise in this process can lead to severe security breaches, as attackers can install bootkits that persist even if the hard drive is replaced. (welivesecurity.com)
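The dbx update mentioned above is delivered as one or more UEFI `EFI_SIGNATURE_LIST` structures, and the fix for this flaw is simply 14 more SHA-256 entries in that list. The parser below, added here as an illustration and not taken from the article or from Microsoft, walks that structure and answers the question a defender actually has after patching: is a given module hash now in the dbx? The three hashes and the fake certificate body are constructed sample data, not the real CVE-2025-3052 hashes, and the owner GUID is a placeholder.

```python
import hashlib
import struct
import uuid

# Signature-type GUIDs from the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# Placeholder owner GUID for the constructed sample (not Microsoft's real one).
OWNER_GUID = uuid.UUID("11111111-2222-3333-4444-555555555555")

HEADER_LEN = 28  # SignatureType (16) + ListSize, HeaderSize, SignatureSize (3 x 4)


def build_signature_list(type_guid, entries, owner=OWNER_GUID):
    """Serialize one EFI_SIGNATURE_LIST; used only to construct sample input.
    Every entry must have the same length, as the format requires."""
    sig_size = 16 + len(entries[0])  # EFI_SIGNATURE_DATA = owner GUID + payload
    list_size = HEADER_LEN + sig_size * len(entries)
    out = type_guid.bytes_le + struct.pack("<III", list_size, 0, sig_size)
    for payload in entries:
        out += owner.bytes_le + payload
    return out


def parse_signature_lists(blob):
    """Yield (type_guid, owner_guid, payload) for every entry in a blob made of
    concatenated EFI_SIGNATURE_LISTs, refusing malformed length fields."""
    off = 0
    while off < len(blob):
        if len(blob) - off < HEADER_LEN:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        type_guid = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, header_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < HEADER_LEN + header_size or off + list_size > len(blob):
            raise ValueError("SignatureListSize exceeds buffer")
        if sig_size < 16:
            raise ValueError("SignatureSize smaller than owner GUID")
        body = blob[off + HEADER_LEN + header_size:off + list_size]
        if len(body) % sig_size:
            raise ValueError("signature data not a multiple of SignatureSize")
        for i in range(0, len(body), sig_size):
            owner = uuid.UUID(bytes_le=body[i:i + 16])
            yield type_guid, owner, body[i + 16:i + sig_size]
        off += list_size


def sha256_entries(blob):
    """Set of revoked SHA-256 image digests; certificate lists are skipped."""
    return {p for t, _, p in parse_signature_lists(blob) if t == EFI_CERT_SHA256_GUID}


def is_revoked(blob, image_hash):
    """True if a module's SHA-256 (authenticode) digest is blocked by this dbx."""
    return image_hash in sha256_entries(blob)


# Constructed sample dbx: one X.509 list (fake DER) followed by three SHA-256 entries.
SAMPLE_HASHES = [hashlib.sha256(f"constructed-module-{i}".encode()).digest() for i in range(3)]
SAMPLE_DBX = (
    build_signature_list(EFI_CERT_X509_GUID, [b"constructed-not-a-real-cert"])
    + build_signature_list(EFI_CERT_SHA256_GUID, SAMPLE_HASHES)
)

if __name__ == "__main__":
    print(f"{len(sha256_entries(SAMPLE_DBX))} SHA-256 revocations in sample dbx")
    print("module 0 revoked:", is_revoked(SAMPLE_DBX, SAMPLE_HASHES[0]))
```

On a live Windows system the raw bytes come from `(Get-SecureBootUEFI -Name dbx).Bytes` (run as administrator), and on Linux from the `dbx-...` file under `/sys/firmware/efi/efivars/`, where the first four bytes are variable attributes and must be dropped before parsing; `Confirm-SecureBootUEFI` confirms the policy is actually enforced, since a populated dbx on a machine with Secure Boot off blocks nothing.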
Microsoft's prompt response to this vulnerability highlights the company's commitment to security. However, the discovery of such a flaw in a widely trusted utility raises concerns about the potential for similar vulnerabilities in other signed components. It also emphasizes the need for continuous vigilance and regular updates to security protocols to protect against evolving threats.
Users and administrators are strongly advised to apply the latest patches released by Microsoft to mitigate this vulnerability. Ensuring that systems are up-to-date with the latest security updates is a fundamental step in maintaining a secure computing environment.
Source: inkl, "A worrying Windows SecureBoot issue could let hackers install malware - here's what we know, and whether you need to update"