To defeat Secure Boot, the bootkit exploits CVE-2022-21894, a vulnerability in all supported versions of Windows that Microsoft patched in January 2022. The logic flaw, referred to as Baton Drop ...

A new UEFI vulnerability has been discovered that is spread through multiple system recovery tools. Bleeping Computer reports ...

Most UEFI implementations come preloaded with a certificate called the Microsoft 3rd Party UEFI Certificate Authority (CA) that establishes the root of trust for the entire platform.

Built into the UEFI (Unified Extensible Firmware Interface), Secure Boot uses public-key cryptography to block the loading of any code that isn’t signed with a pre-approved digital signature.

Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows attackers to bypass Secure Boot and install malware.