ESET Research discovers UEFI Secure Boot bypass vulnerability

ESET researchers have discovered a vulnerability, affecting the majority of UEFI-based systems, that allows attackers to bypass UEFI Secure Boot. This vulnerability, assigned CVE-2024-7344, was found in a UEFI application signed by Microsoft’s “Microsoft Corporation UEFI CA 2011” third-party UEFI certificate. Exploitation of this vulnerability can lead to the execution of untrusted code during system …
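
The practical question behind the CVE-2024-7344 summary is whether a given machine trusts the third-party CA that signed the vulnerable application, and whether a specific binary's hash has since been revoked. The script below is an added example, not code from ESET or from the original post. It parses the EFI_SIGNATURE_LIST layout from the UEFI specification, which is what the Secure Boot `db` (allowed) and `dbx` (revoked) variables contain, and answers both questions against constructed sample blobs. The certificate bytes, the "bad image" and its hash are placeholders; the CN-substring check is a heuristic rather than a full X.509 parse; and `read_efivar` assumes the standard Linux efivarfs path, which is the only part that touches a live system.

```python
"""Parse UEFI Secure Boot signature databases (db / dbx).

Added example, not ESET's code. Implements the EFI_SIGNATURE_LIST structure
from the UEFI specification. All sample data below is constructed inline.
"""
import hashlib
import struct
import uuid
from pathlib import Path

# Signature type GUIDs defined by the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# Vendor GUID of the db/dbx variables, used in the Linux efivarfs file name.
EFI_IMAGE_SECURITY_DATABASE_GUID = "d719b2cb-3d3a-4596-a3bc-dad00e67656f"

# Subject CN of Microsoft's third-party UEFI CA as it appears inside the DER
# certificate. Substring match only; a real tool would parse the X.509 subject.
THIRD_PARTY_CA_CN = b"Microsoft Corporation UEFI CA 2011"


def parse_signature_lists(blob: bytes):
    """Yield (signature_type, owner_guid, data) for every EFI_SIGNATURE_DATA
    entry in a blob of concatenated EFI_SIGNATURE_LIST structures."""
    off = 0
    while off < len(blob):
        if len(blob) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 or off + list_size > len(blob) or sig_size <= 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST sizes")
        pos = off + 28 + hdr_size          # skip the optional SignatureHeader
        end = off + list_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])   # SignatureOwner
            yield sig_type, owner, blob[pos + 16:pos + sig_size]
            pos += sig_size
        off = end


def build_signature_list(sig_type, entries, owner=uuid.UUID(int=0)) -> bytes:
    """Build one EFI_SIGNATURE_LIST (used here to construct sample data)."""
    sizes = {len(e) for e in entries}
    if len(sizes) != 1:
        raise ValueError("all entries in one list must have the same size")
    sig_size = 16 + sizes.pop()
    list_size = 28 + sig_size * len(entries)
    header = sig_type.bytes_le + struct.pack("<III", list_size, 0, sig_size)
    return header + b"".join(owner.bytes_le + e for e in entries)


def is_hash_revoked(dbx: bytes, sha256_hex: str) -> bool:
    """True if the SHA-256 hash is listed as an EFI_CERT_SHA256 entry in dbx.
    Real dbx entries are Authenticode (PE image) hashes, not hashes of the raw
    file; obtain them with a PE-aware tool such as pesign or sbsigntools."""
    target = bytes.fromhex(sha256_hex)
    return any(t == EFI_CERT_SHA256_GUID and data == target
               for t, _, data in parse_signature_lists(dbx))


def trusts_third_party_ca(db: bytes) -> bool:
    """True if db holds an X.509 entry whose DER bytes contain the CA's CN."""
    return any(t == EFI_CERT_X509_GUID and THIRD_PARTY_CA_CN in data
               for t, _, data in parse_signature_lists(db))


def read_efivar(name: str) -> bytes:
    """Read db or dbx from Linux efivarfs; the first 4 bytes are attributes."""
    path = Path(f"/sys/firmware/efi/efivars/{name}-{EFI_IMAGE_SECURITY_DATABASE_GUID}")
    return path.read_bytes()[4:]


# Constructed sample data (placeholders, not real certificates or binaries).
FAKE_CA_DER = b"\x30\x82" + b"\x00" * 10 + THIRD_PARTY_CA_CN + b"\x00" * 10
BAD_IMAGE = b"constructed placeholder for a revoked EFI binary"
BAD_IMAGE_SHA256 = hashlib.sha256(BAD_IMAGE).hexdigest()
SAMPLE_DB = build_signature_list(EFI_CERT_X509_GUID, [FAKE_CA_DER])
SAMPLE_DBX = build_signature_list(EFI_CERT_SHA256_GUID, [hashlib.sha256(BAD_IMAGE).digest()])

if __name__ == "__main__":
    print("sample db trusts third-party UEFI CA:", trusts_third_party_ca(SAMPLE_DB))
    print("sample image revoked in dbx:", is_hash_revoked(SAMPLE_DBX, BAD_IMAGE_SHA256))
```

On a live Linux machine, replace the sample blobs with `read_efivar("db")` and `read_efivar("dbx")`; a system that trusts the third-party CA but whose dbx does not list the hash of a known-vulnerable signed application is the configuration the summary above is warning about.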

ESET Research discovers the first UEFI bootkit for Linux

ESET Research has discovered the first UEFI bootkit designed for Linux systems, which has been named Bootkitty by its creators. ESET believes this bootkit is likely an initial proof of concept, and based on ESET telemetry, it has not been deployed in the wild. However, it is the first evidence that UEFI bootkits are no …

ESET Research Podcast: Finding the mythical BlackLotus bootkit

A story of how analysis of a supposed game cheat turned into a discovery of a powerful UEFI threat. Towards the end of 2022 an unknown threat actor boasted on an underground forum that they’d created a new and powerful UEFI bootkit called BlackLotus. Its most distinctive feature? It could bypass UEFI Secure Boot – a …

ESET Research analyzes BlackLotus: A UEFI bootkit that can bypass UEFI Secure Boot on fully patched systems

ESET researchers are the first to publish an analysis of BlackLotus, the first in-the-wild UEFI bootkit that is capable of bypassing an essential platform security feature — UEFI Secure Boot.

ESET Research discovers ESPecter, a bootkit for cyberespionage

ESET researchers have discovered a previously undocumented real-world UEFI bootkit that persists on the EFI System Partition (ESP). The bootkit, which ESET has named ESPecter, can bypass Windows Driver Signature Enforcement to load its own unsigned driver, which facilitates its espionage activities. ESPecter is the second discovery of a UEFI bootkit persisting on the ESP …