Security researchers discovered two actively exploited Secure Boot vulnerabilities, but Microsoft decided to fix only one of them, raising serious questions about system security.
G. Ostrov
An event occurred in the cybersecurity world that caught the attention of specialists worldwide. Researchers discovered two Secure Boot exploits being actively used by attackers, but Microsoft decided to fix only one of the vulnerabilities.
What is Secure Boot and Why It Matters
Secure Boot is a UEFI security mechanism designed to protect the operating system boot process. It verifies digital signatures of all boot chain components, preventing unauthorized or malicious code execution at the firmware level.
Secure Boot vulnerabilities are particularly dangerous because they allow attackers to bypass one of the main defense lines of modern computers and install bootkits — malware operating at the lowest system level.
Discovered Vulnerabilities
According to security researchers, two critical vulnerabilities were discovered:
- First vulnerability allows attackers to execute self-signed code at UEFI level with Secure Boot enabled
- Second vulnerability is related to bypassing digital signature verification of boot components
Both vulnerabilities were found "in the wild," meaning their active use by attackers against real systems.
Microsoft's Response
Despite the severity of both vulnerabilities, Microsoft released fixes for only one of them, providing an "optional" solution for the Secure Boot zero-day vulnerability used by malware.
The company explained its decision by stating that successful exploitation of the second vulnerability requires the attacker to already have administrative privileges on the device or physical access to it. However, security experts express concern about this approach.
Historical Context
This is not the first case of Secure Boot issues. In April 2024, Microsoft released patches for 24 new Secure Boot vulnerabilities, although at that time there was no evidence of their exploitation. In January 2025, the company revoked old vulnerable binaries as part of Patch Tuesday updates.
Threats and Consequences
The unpatched vulnerability creates serious risks:
- Possibility of installing bootkits like BlackLotus
- Bypassing operating system protection mechanisms
- Hidden presence in the system even after OS reinstallation
- Potential use for corporate espionage
Protection Recommendations
Security specialists recommend:
- Immediately install all available security updates
- Enable additional boot process monitoring mechanisms
- Use firmware integrity verification solutions
- Regularly check systems for signs of compromise
Conclusion
The situation with partial fixing of Secure Boot vulnerabilities highlights the complexity of the modern cybersecurity landscape. Organizations need not rely exclusively on vendor patches but implement multi-layered protection systems.
More about security vulnerabilities can be learned on the official Ars Technica website.
In case of any problems, contact us, we will help quickly and efficiently!