
Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them.


The publicly available exploits provide a near-universal way to bypass key protections.

Introduced more than a decade ago by a consortium of companies, Secure Boot uses public-key cryptography to block the loading of any code during the boot-up process that isn't signed with a pre-approved digital signature. “Because Microsoft's 3rd Party UEFI CA is trusted by almost all PC-like devices, an unrevoked vulnerability in any of the components verified with that key… allows you to break Secure Boot to load an untrusted OS,” one of the researchers, Jesse Michael, wrote in an email.

Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords.
