Microsoft’s Secure Boot Vulnerability: A Decade of Overlooked Issues Uncovered

Microsoft Certificate Expiration Fails to Mitigate Vulnerable Shims

ESET has raised alarms concerning a critical oversight in Microsoft’s Secure Boot implementation following the expiration of a key certificate that previously signed various vulnerable shims. Although this certificate expired last month, it does not eliminate the risks posed by these shims, which remain in circulation and can expose systems to significant exploits.

The shims identified by ESET grant permissions to secondary components known to be susceptible to numerous vulnerabilities. For example, the Oracle shim is reported to sign binaries vulnerable to CVE-2015-5381, a flaw which requires minimal skill to exploit. Complicating matters further, some of these vulnerable shims do not support essential security measures, such as MOK deny-list and SBAT enforcement, which were introduced after their release. Additionally, other shims are implicated due to vulnerabilities within their own code.

These issues affect both Windows and Linux systems, although Windows 11 Secured-core devices might be exempt under default configurations. Windows users who installed Microsoft’s June update batch have mitigated their vulnerability, while Linux users are advised to check with the Linux Vendor Firmware Service or their respective distributors for guidance. For those seeking specific revocation statuses, the uefi-dbx-audit script can provide clarity.

The implications of these vulnerabilities are troubling. The notion that attackers could circumvent Secure Boot mechanisms through readily available exploit scripts raises questions about the efficacy of the Secure Boot framework established by Microsoft in conjunction with hardware manufacturers. A fundamental concern lies in the complexity of the system, which has been highlighted by experts in the field.

Firmware security specialist HD Moore has critiqued the overall secure boot model, stating that it represents a significant flaw in the UEFI platform’s integrity. He points to Microsoft’s role as the primary root of trust, the inability of the system’s protective measures to scale appropriately, and the alarming capability for components to initiate boot processes even after their top-level certificates have expired.

Moore elaborated on the fallout from this situation, emphasizing the existence of numerous signed components that bypass Secure Boot—many of which possess existing security flaws that allow for unwanted booting of potentially malicious software. This creates an ecosystem fraught with unknowns, calling for urgent re-evaluation and restructuring.

As businesses grapple with these vulnerabilities, understanding the potential tactics employed by adversaries is essential. Techniques such as initial access, persistence, and privilege escalation from the MITRE ATT&CK framework may have been utilized in exploiting these flaws. Addressing these concerns with strategic cybersecurity measures is imperative for organizations to safeguard their systems against evolving threats in an increasingly complex digital landscape.

Source