Home / Jul 16, 2026 / Story
0
#5 Ars Technica Security general July 14, 2026 at 22:20 UTC

Microsoft’s Secure Boot has been broken for a decade and no one noticed until now

By Dan Goodin

AI Summary

A decade-old Secure Boot blind spot has been uncovered: nearly a dozen vulnerable UEFI shim bootloaders that Microsoft failed to revoke remained trusted in the Secure Boot chain for years, giving attackers a reliable path to bypass Secure Boot protections on affected systems. The oversight affects devices across multiple vendors and underscores the critical importance of maintaining the UEFI revocation database. No patch can fully close the gap until the revocation lists are updated across the installed base.

Relevance score: 86.0/100

# More from July 16