Cyber security experts sound the alarm: A dangerous new vulnerability has been discovered in the UEFI boot system that allows attackers to completely bypass the Secure Boot protection mechanism. The fact that even a complete reinstallation of the operating system cannot rid the computer of this threat is particularly alarming.
What is CVE-2024-7344 and why is it dangerous
The new vulnerability, codenamed CVE-2024-7344 Howyar Taiwan Secure Boot Bypass, is associated with critical flaws in the PE boot loader. Attackers can use this “hole” to load any uncertified UEFI files. The most dangerous thing is that malware installed through this vulnerability becomes practically invisible to security systems.
Attack mechanism and its consequences
Cybercriminals get the opportunity to replace the standard operating system boot loader on the EFI partition with their malicious version. Such a modification contains an encrypted XOR PE image that completely bypasses the Secure Boot system. As a result, installed antivirus programs and other protection tools are ineffective against this threat.
Popular programs at risk
Of particular concern is the fact that the vulnerability is actively exploited through well-known system recovery tools. Among the compromised programs:
- Howyar SysReturn, a popular system recovery tool;
- Greenware GreenGuard, used by many system administrators;
- Radix SmartRecovery, a widely used backup solution.
How to protect yourself from the threat
Microsoft and ESET have already responded to the vulnerability. The companies have implemented urgent security measures, including revoking the certificates of compromised software through the latest Windows update. Experts strongly recommend that users immediately update their Windows operating system and install the latest versions of all programs they use.