The Secure Boot technology, designed to protect computers from bootkits and malicious firmware, has proven vulnerable due to errors in digital signature management. Experts from ESET discovered that Microsoft has not revoked signature keys for critical boot components for over a decade, allowing attackers to bypass UEFI protection on computers running Windows and Linux.

The Problem with Shim "Layers"

The vulnerability lies in components known as shim ("layers"). They are necessary for the Secure Boot mechanism to work on Linux systems, as Microsoft only signs its own bootloaders, while Linux distributions require an intermediary to launch. Experts found 11 compromised instances of shim that are still considered trusted by the system, despite containing vulnerabilities.

Attackers can use these old, yet still "legal" files to inject malware at an early stage of the boot process. Such a component runs before the operating system itself and continues to function even after reinstalling Windows or Linux or replacing the system drive. The attack does not require finding a new vulnerability—it is sufficient to have a copy of an old shim binary file that Microsoft has never removed from the trusted signature database.

Why Protection Failed

The certificate revocation mechanism in UEFI is implemented through two databases: db (list of allowed) and dbx (list of revoked). However, due to the size limit of the dbx database (only 32 KB), Microsoft did not store full hashes of banned files but decided to specify only component version numbers. This led to the creation of the SBAT (Secure Boot Advanced Targeting) mechanism, which allows shim to check the versions of loaded components and block outdated ones.

The problem is that many of the 11 discovered vulnerable shims were created before the introduction of SBAT or contain other known security holes. Microsoft has not added them to the revocation database for years, and motherboards continued to consider them safe.

Scope of the Threat and Affected Parties

The threat affects a wide range of devices. Some of the vulnerable instances were used by major market players, including developers of Red Hat, OpenSuse, and Oracle Linux distributions. The list of potentially affected parties also includes developers of PC-Doctor diagnostic software and even organizers of final exams in Finland.

The solution to the problem has already been implemented in the latest updates. For Windows 11, the patch was released only in June of this year. The situation with Linux is more complex due to ecosystem fragmentation: users are advised to contact their distribution vendors for updates. The status of revoked shims can be checked using a special script called "uefi-dbx-audit".