#5
Ars Technica Security
general
July 14, 2026 at 22:20 UTC
Microsoft’s Secure Boot has been broken for a decade and no one noticed until now
By Dan Goodin
AI Summary
A decade-old Secure Boot blind spot has been uncovered: nearly a dozen vulnerable UEFI shim bootloaders that Microsoft failed to revoke remained trusted in the Secure Boot chain for years, giving attackers a reliable path to bypass Secure Boot protections on affected systems. The oversight affects devices across multiple vendors and underscores the critical importance of maintaining the UEFI revocation database. No patch can fully close the gap until the revocation lists are updated across the installed base.
Relevance score: 86.0/100
Sponsored
Protect Your Business
Expert cybersecurity solutions to safeguard your organization from evolving threats.
Get Protected →