ESET researchers have uncovered a vulnerability that, if exploited, would allow bad actors to circumvent UEFI Secure Boot and deploy malicious UEFI bootkits such as Bootkitty or BlackLotus on vulnerable systems. Tracked as CVE-2024-7344, the security flaw affects most UEFI-based systems and its exploitation would lead to the execution of untrusted code during the system startup process – even where UEFI Secure Boot is enabled and regardless of the operating system installed. The affected UEFI application is part of seven system recovery programs.

What else should you know about the vulnerability and what can you do to ensure your systems are safe? Hear from ESET Chief Security Evangelist Tony Anscombe and make sure to read the full blog post detailing the discovery.
