ESET researchers uncover a vulnerability in a UEFI software that would allow attackers to deploy malicious bootkits on unpatched methods
16 Jan 2025
ESET researchers have uncovered a vulnerability that, if exploited, would enable unhealthy actors to circumvent UEFI Safe Boot and deploy malicious UEFI bootkits resembling Bootkitty or BlackLotus on susceptible methods. Tracked as CVE-2024-7344, the safety flaw impacts most UEFI-based methods and its exploitation would result in the execution of untrusted code through the system startup course of – even the place UEFI Safe Boot is enabled and whatever the working system put in. The affected UEFI software is a part of seven system restoration applications.
What else ought to you understand concerning the vulnerability and what are you able to do to make sure your methods are protected? Hear from ESET Chief Safety Evangelist Tony Anscombe and ensure to learn the complete blogpost detailing the invention.
