Microsoft’s Secure Boot has been broken for a decade and no one noticed until now
A long-standing vulnerability in Microsoft-signed UEFI shims has left Secure Boot susceptible to bypasses for a decade.
Velocity
How fast coverage is spreading — measured hourly from article rate × source diversity. How this works →
The brief
ESET Research has identified vulnerable UEFI shims that undermine the Secure Boot process on devices. These old, Microsoft-signed Linux UEFI shims can be used by attackers to bypass security protections.
Coverage from Ars Technica, The Hacker News, and SC Media emphasizes that this flaw has existed for ten years. WeLiveSecurity and The Manila Times highlight the specific role of these forgotten shims in undermining device security.
Attention is now focused on the 11 specific Microsoft-signed Linux UEFI shims identified as vulnerable and the potential for attackers to utilize them to bypass Secure Boot.
Synthesized by Archynetys from the headlines below under a strict no-invention contract. ✓ fact-checked: all claims supported by sources Updated 1h ago.
Quick answers
Who discovered the vulnerability?
The vulnerability was discovered by ESET Research.
What specifically is being bypassed?
Attackers can bypass the Secure Boot process using old Microsoft-signed UEFI applications.
How many Linux UEFI shims are affected?
According to The Hacker News, 11 old Microsoft-signed Linux UEFI shims could let attackers bypass Secure Boot.
Coverage (5)
- ESET Research discovers vulnerable UEFI shims undermining devices’ Secure Boot The Manila Times · 4h ago
- Old Microsoft-signed UEFI applications can bypass Secure Boot SC Media · 4h ago
- 11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot The Hacker News · 4h ago
- Forgotten UEFI shims undermining Secure Boot WeLiveSecurity · 4h ago
- Microsoft’s Secure Boot has been broken for a decade and no one noticed until now Ars Technica · 4h ago
Topics
Related trends
Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days
Microsoft's July 2026 Patch Tuesday addresses a record-breaking 570 flaws, including three zero-day vulnerabilities.
Microsoft tests Windows Search without all the ads and fluff
Microsoft is testing a streamlined, "Mac-style" overhaul of Windows 11 Search designed to remove ads and clutter.
Satya Nadella has issued a shocking warning to companies using AI
Microsoft CEO Satya Nadella warns global companies that they may be paying for their own intellectual property when using AI.
Microsoft unveils major Windows 11 search experience overhaul that it promises will fix search
Microsoft is overhauling the Windows 11 search experience to remove clutter and improve user control.
Halo Studios reportedly cancels Halo multiplayer project Ekur, which had customisable Spartans and Elites and large player battles
Halo Studios has reportedly canceled 'Project Ekur,' a multiplayer title featuring large-scale battles and customizable characters.
Brazilian gamer proves you can fight for the digital preservation of Xbox games and win
A Brazilian gamer has won a legal battle against Microsoft over digital ownership and access to games following an account hack.