Skip to content
Auto-CTI
Back to today
NEW HIGH C3

11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot

C The Hacker News ·

Admiralty grading (A–F · 1–6)

Source reliability

  • A Completely reliable
  • B Usually reliable
  • C Fairly reliable
  • D Not usually reliable
  • E Unreliable
  • F Cannot be judged

Information credibility

  • 1 Confirmed
  • 2 Probably true
  • 3 Possibly true
  • 4 Doubtful
  • 5 Improbable
  • 6 Cannot be judged

NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.

Key insight

Eleven forgotten Microsoft-signed UEFI bootloaders can bypass Secure Boot and enable malicious code execution during system startup, independent of the installed operating system.

Description

Security researchers discovered 11 old Microsoft-signed UEFI applications that can be exploited to bypass Secure Boot on modern firmware systems. The vulnerable UEFI shim bootloaders exploit the outdated Microsoft CA 2011 certificate authority and allow attackers to execute untrusted code during system startup, enabling deployment of UEFI bootkits or other malware. CVE-2026-8863 and CVE-2026-10797 also undermine Secure Boot Advanced Targeting (SBAT), a revocation mechanism for vulnerable boot components. The risk affects all UEFI-based systems that trust the Microsoft certificate, regardless of operating system.

Risk score

20
cvss base
0.00
kev bonus
0.00
epss bonus
0.00
poc bonus
15.00
raw before weight
15.00
industry weight
1.21
freshness factor
1.00
exploitability factor
1.00
days old
0.00
vendor mismatch penalty
0.00

Path: operational

ESC