A new UEFI vulnerability (CVE-2024-7344) discovered by Bleeping Computer allows attackers to bypass Secure Boot and deploy bootkits that can remain undetected even after an OS re-install. The vulnerability affects multiple system recovery tools, including Howyar SysReturn, Greenware GreenGuard, and Radix SmartRecovery.
The exploit relies on a custom PE loader that loads any UEFI binary regardless of its signature. Attackers can use it to replace the application's default OS bootloader with the vulnerable version and then boot malicious code from an XOR-encrypted PE image. This bypasses Secure Boot and renders traditional security measures ineffective.
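Because the payload in this attack is carried as an XOR-encrypted PE image that the vulnerable loader decodes at boot, a defender scanning an EFI System Partition can look for files that become a valid PE image under a single-byte XOR key. The following heuristic is an added example written for this summary, not code from the article, ESET or any of the affected vendors; the sample images are constructed in the script, and it only covers single-byte XOR (multi-byte or other encodings need a different check).

```python
"""Heuristic scan for single-byte-XOR-obfuscated PE/UEFI images (constructed example)."""
import struct
from typing import Optional

DOS_MAGIC = b"MZ"      # start of the DOS header every PE image carries
PE_MAGIC = b"PE\0\0"   # PE signature located at offset e_lfanew (header field at 0x3C)


def xor_bytes(data: bytes, key: int) -> bytes:
    """Apply a single-byte XOR key to a byte string."""
    return bytes(b ^ key for b in data)


def find_xor_key(blob: bytes) -> Optional[int]:
    """Try every single-byte key; return the one that reveals a PE header, or None.
    Key 0 means the blob is already a plain (unobfuscated) PE image."""
    if len(blob) < 0x40:
        return None
    for key in range(256):
        header = xor_bytes(blob[:0x40], key)
        if header[:2] != DOS_MAGIC:
            continue
        e_lfanew = struct.unpack_from("<I", header, 0x3C)[0]
        if e_lfanew + 4 <= len(blob) and xor_bytes(blob[e_lfanew:e_lfanew + 4], key) == PE_MAGIC:
            return key
    return None


def classify(blob: bytes) -> str:
    """Label a blob as a plain PE, a single-byte-XOR-obfuscated PE, or neither."""
    key = find_xor_key(blob)
    if key is None:
        return "not-pe"
    if key == 0:
        return "plain-pe"
    return f"xor-pe:key=0x{key:02x}"


def make_fake_pe() -> bytes:
    """Construct a minimal PE-shaped header (not a real executable) for the demo."""
    hdr = bytearray(DOS_MAGIC + b"\0" * 0x3A)   # DOS header up to offset 0x3C
    hdr += struct.pack("<I", 0x40)               # e_lfanew: PE signature sits at 0x40
    hdr += PE_MAGIC + b"\0" * 0x20               # signature plus filler
    return bytes(hdr)


SAMPLE_PLAIN = make_fake_pe()                    # constructed unobfuscated image
SAMPLE_XOR = xor_bytes(SAMPLE_PLAIN, 0x5A)       # constructed XOR-obfuscated image
SAMPLE_TEXT = b"plain configuration text, not an executable image" * 2

if __name__ == "__main__":
    for name, blob in [("plain", SAMPLE_PLAIN), ("xor", SAMPLE_XOR), ("text", SAMPLE_TEXT)]:
        print(f"{name}: {classify(blob)}")
```

In practice you would run `classify` over every file on the ESP and on any recovery partition, and treat an `xor-pe` hit (or a plain PE outside the expected bootloader paths) as something to examine against the vendor's known-good files.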
Microsoft has blocked the affected software with the latest Windows updates, and ESET has contacted the affected vendors to eliminate the issue. Users are advised to install the latest Windows update and to update the affected software to versions that address this UEFI vulnerability.
The exploit highlights a major conceptual flaw in UEFI design: the firmware can be updated independently of the OS. This lets developers bypass security checks and ship their own updates, which could lead to further exploits.
Source: https://www.tomshardware.com/pc-components/motherboards/new-uefi-vulnerability-bypasses-secure-boot-bootkits-stay-undetected-even-after-os-re-install