Windows Secure Boot Flaw Allows Hackers to Install Malware

A recently discovered vulnerability in Windows’ UEFI firmware could let hackers install malware by exploiting a legitimate module that was trusted on most modern systems. Binarly, a security researcher, found that the issue stems from a flaw in a BIOS update utility signed with Microsoft’s UEFI CA 2011 certificate.

The utility reads a user-writable NVRAM variable without proper validation, so an attacker can modify the variable and write arbitrary data to memory locations during the UEFI boot process. This vulnerability was assigned a severity score of 8.2/10 (high) by Microsoft and affected 14 modules.

Microsoft patched the issue with its June 2025 Patch Tuesday cumulative update. The company determined that the vulnerability affected not one module but 14 different modules. To fix all of them, it released an updated dbx (the Secure Boot revocation database) containing 14 new hashes.
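Because the fix is delivered as new dbx entries, a defender can confirm it landed by parsing the dbx contents and checking for the expected hashes. The following is an added example, not code from the article, Microsoft or Binarly: it parses the UEFI `EFI_SIGNATURE_LIST` format and reports which required SHA-256 hashes are absent. The function names and sample hashes are constructed placeholders, since the article does not list the 14 real hashes.

```python
import hashlib
import struct
import uuid

# EFI_CERT_SHA256_GUID (UEFI specification): entries of this type are SHA-256 image hashes.
EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")


def dbx_sha256_hashes(blob):
    """Return the set of SHA-256 hashes (hex) revoked by a raw dbx blob.

    The blob is a concatenation of EFI_SIGNATURE_LIST structures:
    16-byte type GUID, three little-endian uint32 fields (list size,
    header size, entry size), an optional header, then fixed-size entries
    of 16-byte owner GUID + signature data.
    """
    hashes, off = set(), 0
    while off < len(blob):
        if len(blob) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(blob):
            raise ValueError("EFI_SIGNATURE_LIST size out of bounds")
        body = blob[off + 28 + hdr_size:off + list_size]
        if sig_type == EFI_CERT_SHA256:  # other list types (e.g. X.509) are skipped
            if sig_size != 48 or len(body) % sig_size:
                raise ValueError("malformed SHA-256 signature list")
            for i in range(0, len(body), sig_size):
                hashes.add(body[i + 16:i + sig_size].hex())
        off += list_size
    return hashes


def missing_revocations(blob, required):
    """Return the required hashes that the dbx blob does not yet contain."""
    return sorted({h.lower() for h in required} - dbx_sha256_hashes(blob))


# Constructed sample data: placeholder hashes, not the real revoked modules.
OWNER = uuid.UUID(int=0).bytes_le
REVOKED = [hashlib.sha256(b"placeholder-module-%d" % i).hexdigest() for i in range(3)]
entries = b"".join(OWNER + bytes.fromhex(h) for h in REVOKED[:2])
SAMPLE_DBX = EFI_CERT_SHA256.bytes_le + struct.pack("<III", 28 + len(entries), 0, 48) + entries

if __name__ == "__main__":
    print("missing from dbx:", missing_revocations(SAMPLE_DBX, REVOKED))
```

When reading the live variable through Linux efivarfs, strip the 4-byte attribute prefix before passing the data to the parser.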

Microsoft’s patch fixes a Secure Boot vulnerability that allowed threat actors to disable security solutions and install bootkit malware on most PCs. However, users should be cautious as the vulnerable module had been circulating in the wild since 2022 and was uploaded to VirusTotal in 2024 before being reported to Microsoft in late February 2025.

Source: https://www.techradar.com/pro/security/a-worrying-windows-secureboot-issue-could-let-hackers-install-malware-heres-what-we-know-and-whether-you-need-to-update