Microsoft Secure Boot broken for a decade, just discovered

Original: Microsoft’s Secure Boot has been broken for a decade and no one noticed until now

Why This Matters

A decade-long Secure Boot flaw exposes systemic gaps in firmware-level security assurance across millions of Windows devices.

A fundamental flaw in Microsoft's Secure Boot implementation went undetected for approximately ten years, undermining the firmware security feature designed to prevent unauthorized bootloaders from loading during system startup.

According to a report from Ars Technica, Microsoft's Secure Boot — a security standard built into modern PC firmware designed to ensure only trusted software loads during boot — contained a critical flaw that went unnoticed for roughly a decade. Secure Boot is intended to protect systems from rootkits and bootkits that operate below the operating system level, making them extremely difficult to detect or remove. The vulnerability reportedly existed throughout most of the feature's operational lifespan without being identified by security researchers or Microsoft itself. The discovery raises significant questions about the reliability of firmware-level security mechanisms that both enterprise and consumer users have depended on for years. Details of the specific technical flaw, the researcher(s) who uncovered it, and the scope of potential exploitation were reported by Ars Technica, a publication known for in-depth security coverage. Microsoft has not yet publicly issued a full remediation timeline as of the report's publication.

Source

arstechnica.com — Read original →