Video
ESET researchers uncover a vulnerability in a UEFI software that might allow attackers to deploy malicious bootkits on unpatched techniques
16 Jan 2025
ESET researchers have uncovered a vulnerability that, if exploited, would permit unhealthy actors to avoid UEFI Safe Boot and deploy malicious UEFI bootkits equivalent to Bootkitty or BlackLotus on susceptible techniques. Tracked as CVE-2024-7344, the safety flaw impacts most UEFI-based techniques and its exploitation would result in the execution of untrusted code through the system startup course of – even the place UEFI Safe Boot is enabled and whatever the working system put in. The affected UEFI software is a part of seven system restoration packages.
What else ought to you already know in regards to the vulnerability and what are you able to do to make sure your techniques are protected? Hear from ESET Chief Safety Evangelist Tony Anscombe and ensure to learn the total blogpost detailing the invention.
