- Binarly spotted a legitimate utility, trusted on most modern systems using UEFI firmware, that carries a flaw
- The flaw allows threat actors to deploy bootkit malware
- Microsoft patched it in the June 2025 Patch Tuesday cumulative update
Microsoft has fixed a Secure Boot vulnerability that allowed threat actors to turn off security solutions and install bootkit malware on most PCs.
Security researchers recently discovered a legitimate BIOS update utility signed with Microsoft’s UEFI CA 2011 certificate. This root certificate, used in the Unified Extensible Firmware Interface (UEFI) Secure Boot process, plays a central role in verifying the authenticity and integrity of bootloaders, operating systems and other low-level software before the system boots.
According to the researchers, the utility is trusted on most modern systems using UEFI firmware, but the problem stems from the fact that it reads a user-writable NVRAM variable without proper validation, meaning that an attacker with administrator access to the operating system can modify the variable and write to memory during the boot process.
Binarly managed to use this vulnerability to disable Secure Boot and allow any unsigned UEFI module to run. In other words, they were able to disable security features and install bootkit malware that cannot be removed even if the hard drive is replaced.
The vulnerable module had been circulating in the wild since 2022, and was uploaded to VirusTotal in 2024 before Microsoft was informed in late February 2025.
Microsoft recently released the June Patch Tuesday cumulative update, which addresses the recently discovered arbitrary write vulnerability in Microsoft-signed UEFI firmware, now tracked as CVE-2015-3052. It was assigned a severity score of 8.2/10 (high).
The company also determined that the vulnerability affected a total of 14 modules, and it has now fixed all of them.
“During the triage process, Microsoft determined that the issue did not affect only one module as it was believed to be initially, but in fact 14 different modules,” said Binarly. “For this reason, the updated DBX released during the Patch Tuesday on June 10, 2025, includes 14 new hashes.”
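To confirm that a machine's dbx carries the new revocations, a defender can parse the variable's EFI_SIGNATURE_LIST data and look for the expected SHA-256 entries. The sketch below is an added example, not code from Binarly or Microsoft; the hash values are constructed placeholders (the article does not list the 14 hashes) and the helper names are hypothetical.

```python
import hashlib
import struct
import uuid

# EFI_CERT_SHA256_GUID as defined in the UEFI specification
EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
HDR = 28  # SignatureType GUID (16) + three little-endian uint32 size fields


def parse_dbx_sha256(blob):
    """Return the SHA-256 digests (hex) held in concatenated EFI_SIGNATURE_LISTs."""
    digests, off = set(), 0
    while off < len(blob):
        if len(blob) - off < HDR:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < HDR + hdr_size or off + list_size > len(blob) or sig_size <= 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % off)
        body = blob[off + HDR + hdr_size:off + list_size]
        if len(body) % sig_size:
            raise ValueError("signature data is not a multiple of SignatureSize")
        if sig_type == EFI_CERT_SHA256 and sig_size == 48:
            for i in range(0, len(body), sig_size):
                # Each entry: 16-byte SignatureOwner GUID, then the 32-byte digest
                digests.add(body[i + 16:i + 48].hex())
        off += list_size  # other list types (e.g. X.509) are skipped
    return digests


def missing_hashes(blob, required):
    """Return the required digests that are NOT revoked in this dbx blob."""
    present = parse_dbx_sha256(blob)
    return sorted(h.lower() for h in required if h.lower() not in present)


def build_sha256_list(digests, owner=uuid.UUID(int=0)):
    """Build a constructed SHA-256 signature list (demo input only)."""
    body = b"".join(owner.bytes_le + bytes.fromhex(d) for d in digests)
    return EFI_CERT_SHA256.bytes_le + struct.pack("<III", HDR + len(body), 0, 48) + body


# Constructed placeholders, NOT the real hashes of the 14 revoked modules
REVOKED = [hashlib.sha256(b"placeholder-module-%d" % i).hexdigest() for i in range(3)]
OLD_DBX = build_sha256_list(REVOKED[:1])
NEW_DBX = OLD_DBX + build_sha256_list(REVOKED[1:])

if __name__ == "__main__":
    print("old dbx missing:", missing_hashes(OLD_DBX, REVOKED))
    print("new dbx missing:", missing_hashes(NEW_DBX, REVOKED))
```

On Linux, the dbx file exposed through efivarfs begins with a 4-byte attributes field that has to be stripped before the data is passed to `parse_dbx_sha256`.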
Via BleepingComputer