{"id":240885,"date":"2026-07-15T04:15:30","date_gmt":"2026-07-15T09:15:30","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/07\/11-old-microsoftsigned-linux-uefi-shims-could-let-attackers-bypass-secure-boot"},"modified":"2026-07-15T04:15:30","modified_gmt":"2026-07-15T09:15:30","slug":"11-old-microsoftsigned-linux-uefi-shims-could-let-attackers-bypass-secure-boot","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/07\/11-old-microsoftsigned-linux-uefi-shims-could-let-attackers-bypass-secure-boot","title":{"rendered":"11 Old MicrosoftSigned Linux UEFI Shims Could Let Attackers Bypass Secure Boot"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/11-old-microsoftsigned-linux-uefi-shims-could-let-attackers-bypass-secure-boot.gif\"><\/a><\/p>\n<p>Cybersecurity researchers have discovered 11 old, Microsoft-signed, Unified Extensible Firmware Interface (UEFI) applications that could be abused to bypass Secure Boot on most systems using the modern firmware standard.<\/p>\n<p>\u201cAn attacker exploiting one of these vulnerable applications can execute untrusted code during system boot, enabling deployment of malicious UEFI bootkits or other malware,\u201d ESET researcher Martin Smol\u00e1r <a href=\"https:\/\/www.welivesecurity.com\/en\/eset-research\/forgotten-uefi-shims-undermining-secure-boot\/\" target=\"_blank\">said<\/a> in a report published today.<\/p>\n<p>The UEFI shim bootloaders expose any UEFI-based machine that trusts Microsoft\u2019s \u201c<a href=\"https:\/\/support.microsoft.com\/en-US\/servicing\/os\/secure-boot\/2025\/06\/windows-secure-boot-certificate-expiration-and-ca-updates\" target=\"_blank\">Microsoft Corporation UEFI CA 2011<\/a>\u201d third-party UEFI certificate authority (CA) certificate, irrespective of the installed operating system. The certificate is used to sign third-party boot components intended to run under Secure Boot. It expired as of June 27, 2026, and has been replaced by Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity researchers have discovered 11 old, Microsoft-signed, Unified Extensible Firmware Interface (UEFI) applications that could be abused to bypass Secure Boot on most systems using the modern firmware standard. \u201cAn attacker exploiting one of these vulnerable applications can execute untrusted code during system boot, enabling deployment of malicious UEFI bootkits or other malware,\u201d ESET researcher [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-240885","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/240885","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=240885"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/240885\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=240885"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=240885"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=240885"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}