Microsoft has finally patched a critical vulnerability in its Secure Boot feature, which allows hackers to bypass the operating system’s security measures and deploy malicious attacks. The vulnerability, identified as CVE-2024-7344, was accessible for over seven months, making Windows 11 susceptible to attacks.
Secure Boot is a stringent system requirement that prevents malicious firmware from running when a device is booting up. However, a digitally signed app bypassed Microsoft’s manual review process and exploited the vulnerability, allowing hackers to gain unauthorized access to devices and run malicious attacks during the boot-up process.
The vulnerability was discovered by Martin Smolár, a security researcher at ESET, who noticed that a real-time system recovery software from Howyar Technologies could bypass Microsoft’s strict review process. The discovery highlights the importance of robust testing and validation processes for UEFI apps.
Microsoft has since patched the vulnerability, fortifying Windows 11 against sophisticated firmware attacks camouflaged as verified UEFI apps. This move ensures that Windows users are protected from potential security threats.
The patch marks a significant improvement in Microsoft’s response to the vulnerability, which had left Windows users vulnerable for over seven months. The company’s aggressive tactics in urging Windows 10 users to upgrade to Windows 11 have also been noteworthy, with full-screen multipage popup ads being used to encourage upgrades before the operating system’s imminent death in October 2025.
Source: https://www.windowscentral.com/software-apps/windows-11/microsoft-blocks-critical-secure-boot-loophole-after-over-7-months