ESET researchers uncover a vulnerability in a UEFI software that would allow attackers to deploy malicious bootkits on unpatched programs
16 Jan 2025
ESET researchers have uncovered a vulnerability that, if exploited, would permit dangerous actors to avoid UEFI Safe Boot and deploy malicious UEFI bootkits equivalent to Bootkitty or BlackLotus on weak programs. Tracked as CVE-2024-7344, the safety flaw impacts most UEFI-based programs and its exploitation would result in the execution of untrusted code throughout the system startup course of – even the place UEFI Safe Boot is enabled and whatever the working system put in. The affected UEFI software is a part of seven system restoration packages.
What else ought to you already know in regards to the vulnerability and what are you able to do to make sure your programs are protected? Hear from ESET Chief Safety Evangelist Tony Anscombe and ensure to learn the complete blogpost detailing the invention.
