Home / Jul 15, 2026 / Story
0
#3 The Hacker News general July 14, 2026 at 12:46 UTC

11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot

By [email protected] (The Hacker News)

AI Summary

Researchers discovered 11 Microsoft-signed UEFI Linux shim applications that were never revoked and can be abused to bypass Secure Boot on most modern systems. An attacker exploiting these legacy shims can execute untrusted code at boot time, enabling deployment of UEFI bootkits or persistent firmware-level malware. The decade-long oversight underscores the systemic risk of inadequate UEFI revocation list management.

Relevance score: 89.0/100

# More from July 15