Two exploits are threatening Secure Boot, but Microsoft is only patching one of them


Serving tech enthusiasts for over 25 years.
TechSpot means tech analysis and advice you can trust.

Facepalm: Microsoft and the PC industry built Secure Boot into UEFI to stop modern PCs from being compromised during the boot process, before the operating system and its defenses are even running. More than a decade on, the technology is plagued by a steady stream of serious security vulnerabilities.

Secure Boot is getting a rough ride at the moment. Security researchers have uncovered two separate vulnerabilities, each of which lets an attacker bypass Secure Boot's protections, and which experts say are already being exploited in the wild. Even more concerning, Microsoft has so far chosen to patch only one of the flaws, leaving the second unaddressed and an ongoing threat to PC security.

The first of the two is tracked as CVE-2025-3052. According to Microsoft's security bulletin, the bug can be used to bypass Secure Boot and tamper with the boot process before the operating system loads, and not only on Windows: any system that trusts Microsoft's third-party UEFI Certificate Authority is exposed. Successful exploitation requires local access and an authenticated account, though researchers warn that remote exploitation may also be possible in some scenarios.

The flaw is not in Windows or in any Linux boot component. It lies in a firmware-flashing utility for UEFI motherboards developed by DT Research, a UEFI application that Microsoft signed with its own third-party Certificate Authority and that, according to the report, more than 50 device manufacturers rely on. The tool has been in use since 2022, and because the trust decision rests on the signature rather than on where the binary came from, a signed copy of it will run on any machine that trusts that CA, whether or not the machine ever shipped with the tool.

No OEM in their right mind would drop Microsoft's third-party UEFI CA from its trust database, since that same CA signs the shim used to boot Linux and a great many third-party option ROMs, which means the CVE-2025-3052 flaw effectively compromises the entire UEFI supply chain: an attacker can bring the signed-but-vulnerable tool along and run it on a machine that never had it. Secure Boot was specifically designed to prevent exactly this type of attack, yet the standard is now widely regarded as a security failure and an embarrassment for the PC industry.

Microsoft shipped a fix for CVE-2025-3052 with this month's Patch Tuesday: it added 14 hashes, covering the different versions of DT Research's vulnerable tool, to the Secure Boot forbidden-signature database (dbx), so firmware refuses to load those binaries. The update restores trust in the Secure Boot chain only on machines where the new dbx entries are actually written into firmware, and the fix may not be the silver bullet it appears to be.
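A practitioner who wants to confirm that a dbx update has actually reached a machine's firmware has to read the dbx variable and look for the revoked entries, and that means parsing the EFI_SIGNATURE_LIST structures that db and dbx are made of. The parser below is an added example written for this page, not code from the article, Microsoft, Binarly or DT Research; the structure layout and GUIDs come from the UEFI specification, while the sample dbx blob (SAMPLE_DBX) and the hashes in it are constructed for illustration and are not the 14 hashes Microsoft revoked, which are published with Microsoft's dbx update.

```python
"""Parse a UEFI Secure Boot signature database (db or dbx) and check it
for revoked image hashes.

Added example for this page, not code from the article, Microsoft, Binarly,
DT Research or IGEL. The EFI_SIGNATURE_LIST / EFI_SIGNATURE_DATA layouts and
the GUIDs below are from the UEFI specification; SAMPLE_DBX and the hashes in
it are constructed for illustration and are not the hashes Microsoft revoked.
"""
import hashlib
import struct
import sys
import uuid

# Signature-type GUIDs defined by the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# SignatureOwner GUID Microsoft uses for the entries in its dbx updates.
MICROSOFT_OWNER_GUID = uuid.UUID("77fa9abd-0359-4d32-bd60-28f4e78f784b")

# efivarfs path of dbx (EFI_IMAGE_SECURITY_DATABASE_GUID); the file starts
# with a 4-byte attributes word that is not part of the variable's data.
DBX_EFIVARS_PATH = "/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"

_LIST_HEADER = struct.Struct("<III")        # SignatureListSize, SignatureHeaderSize, SignatureSize
_LIST_HEADER_LEN = 16 + _LIST_HEADER.size   # SignatureType GUID + the three UINT32s


def parse_signature_lists(blob):
    """Return [(signature_type, owner, data), ...] for every EFI_SIGNATURE_DATA
    entry in a concatenation of EFI_SIGNATURE_LIST structures, validating the
    size fields so a malformed blob raises instead of being silently misread."""
    entries = []
    off = 0
    while off < len(blob):
        if len(blob) - off < _LIST_HEADER_LEN:
            raise ValueError("truncated EFI_SIGNATURE_LIST header at offset %d" % off)
        sig_type = uuid.UUID(bytes_le=bytes(blob[off:off + 16]))
        list_size, hdr_size, sig_size = _LIST_HEADER.unpack_from(blob, off + 16)
        body_off = off + _LIST_HEADER_LEN + hdr_size
        body_len = list_size - _LIST_HEADER_LEN - hdr_size
        if body_len < 0 or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize %d at offset %d" % (list_size, off))
        # Each entry is a 16-byte SignatureOwner GUID followed by the signature data.
        if sig_size <= 16 or body_len % sig_size:
            raise ValueError("bad SignatureSize %d at offset %d" % (sig_size, off))
        for i in range(body_len // sig_size):
            e = body_off + i * sig_size
            owner = uuid.UUID(bytes_le=bytes(blob[e:e + 16]))
            entries.append((sig_type, owner, bytes(blob[e + 16:e + sig_size])))
        off += list_size
    return entries


def is_well_formed(blob):
    """True if the blob parses cleanly as a chain of EFI_SIGNATURE_LISTs."""
    try:
        parse_signature_lists(blob)
        return True
    except ValueError:
        return False


def revoked_sha256_hashes(blob):
    """The set of SHA-256 (Authenticode PE image) hashes in a dbx blob."""
    return {d for t, _, d in parse_signature_lists(blob) if t == EFI_CERT_SHA256_GUID}


def is_revoked(blob, sha256_hex):
    """True if the given Authenticode SHA-256 hash (hex string) is in dbx."""
    return bytes.fromhex(sha256_hex) in revoked_sha256_hashes(blob)


def load_dbx_from_efivars(path=DBX_EFIVARS_PATH):
    """Read dbx on Linux, dropping efivarfs's 4-byte attribute prefix."""
    with open(path, "rb") as f:
        return f.read()[4:]


def build_signature_list(sig_type, owner, items):
    """Serialize one EFI_SIGNATURE_LIST; used here only to construct sample input."""
    sig_size = 16 + len(items[0])
    if any(len(i) != sig_size - 16 for i in items):
        raise ValueError("all entries in one list must have the same size")
    body = b"".join(owner.bytes_le + i for i in items)
    return sig_type.bytes_le + _LIST_HEADER.pack(_LIST_HEADER_LEN + len(body), 0, sig_size) + body


# Constructed sample: three made-up image hashes spread over two lists, which
# mirrors how a real dbx grows (each update appends another EFI_SIGNATURE_LIST).
CONSTRUCTED_REVOKED = [hashlib.sha256(b"constructed revoked image %d" % i).digest() for i in range(3)]
SAMPLE_DBX = (build_signature_list(EFI_CERT_SHA256_GUID, MICROSOFT_OWNER_GUID, CONSTRUCTED_REVOKED[:2])
              + build_signature_list(EFI_CERT_SHA256_GUID, MICROSOFT_OWNER_GUID, CONSTRUCTED_REVOKED[2:]))


if __name__ == "__main__":
    # Usage: python dbxcheck.py <dbx.bin> [sha256-hex ...]; with no file, the sample is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_DBX
    hashes = revoked_sha256_hashes(blob)
    print("%d signature entries, %d SHA-256 revocations" % (len(parse_signature_lists(blob)), len(hashes)))
    for h in sys.argv[2:]:
        print(h, "REVOKED" if is_revoked(blob, h) else "not in dbx")
```

On Windows the raw bytes come from `(Get-SecureBootUEFI -Name dbx).Bytes`, written to a file with `[IO.File]::WriteAllBytes`; on Linux `load_dbx_from_efivars` reads them from efivarfs. Two caveats worth knowing before comparing hashes: dbx entries for PE binaries are Authenticode hashes, computed over the image with the checksum, certificate-table pointer and signature excluded, so `sha256sum` on the file will never match and a tool that computes the PE hash (pesign, for example) is needed; and a large real dbx also carries EFI_CERT_X509_GUID entries (whole revoked certificates), which this parser returns with their type so they are not mistaken for hashes.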

Enter CVE-2025-47827, a newly disclosed vulnerability in IGEL OS, the Linux-based thin-client operating system from German company IGEL. The flaw is in a kernel module for IGEL's proprietary storage handling that fails to properly verify the cryptographic signature of the root filesystem it mounts, so an attacker can supply a crafted, unverified filesystem of their own. Crucially, the IGEL shim that loads GRUB and then the IGEL kernel is signed by Microsoft, so the whole chain boots with Secure Boot satisfied right up to the point where the unverified filesystem takes over.

Zack Didcott, the security researcher who uncovered the flaw, has reported it to Microsoft but has yet to receive a response. Because the signed shim and kernel can be carried onto any machine that trusts Microsoft's CA, not just IGEL devices, experts warn that CVE-2025-47827 could serve as a near-universal method for bypassing Secure Boot's supposed defenses against bootkits, casting further doubt on the technology's reliability.
