AI-Debiased Article
Rewritten from Ars Technica 1 min read
4 Wire-neutral provisional

✓ No loaded language, vague sourcing, or framing detected.

Research Reveals Vulnerability in Microsoft's Secure Boot Standard

A recent study by ESET has found that Microsoft's Secure Boot standard has been vulnerable for most of its existence, allowing attackers to bypass protections on both Windows and Linux devices. The issue stems from the failure to revoke defective firmware images known as shims, which could enable malicious firmware installation.

Companies
Microsoft

Researchers at security firm ESET have discovered that Microsoft's Secure Boot standard, designed to protect Windows and Linux devices from firmware infections, has been easily bypassable for 13 of its 14 years. The researchers identified 11 firmware images, some dating back to 2013, that were known to be defective but remained signed by Microsoft. These images, referred to as 'shims,' were created to extend Secure Boot to Linux devices and utility software. The failure to revoke these vulnerable images has allowed attackers to circumvent the protection embedded in the Unified Extensible Firmware Interface (UEFI) of devices. This vulnerability affects both Windows and Linux users, as the shim can be installed on devices running either operating system, enabling attackers to install malicious firmware that persists even after an operating system is reinstalled or a hard drive is replaced.

Annotating as

No note attached

on this article.

Original vs. Neutral

Original Headline

Microsoft’s Secure Boot has been broken for a decade and no one noticed until now

Neutral Headline

Research Reveals Vulnerability in Microsoft's Secure Boot Standard