Critical Security Flaw Exposes Secure Boot Vulnerability in Windows and Linux
A recent discovery reveals a significant vulnerability in Secure Boot, affecting both Windows and Linux systems. Learn how this flaw can be exploited and what steps you can take to protect your devices.

For over a decade, the Secure Boot feature in Windows has been susceptible to exploitation, a fact recently uncovered by security researchers. This vulnerability has significant implications for system integrity and user security.

Introduced in 2012, Secure Boot is designed to ensure that only authorized and verified software is loaded during the system startup process. This mechanism aims to prevent malware from interfering with the boot sequence of Windows. However, researchers have revealed that a major security gap has existed for more than ten years, undermining the very protection Secure Boot was meant to provide.
The findings from Eset, a cybersecurity firm, indicate that the Secure Boot feature can be bypassed on any UEFI-based computer. UEFI, or Unified Extensible Firmware Interface, is the modern replacement for the traditional BIOS, serving as the software interface between the operating system and the hardware during the boot process.
The vulnerability stems from UEFI's reliance not only on a database of verified software but also on "shims." These bootloaders are initially trusted by Microsoft. If a shim is allowed to execute, it opens the door for any software to be loaded subsequently. Because the original shim is considered trustworthy, the system mistakenly assumes that all subsequent applications are also safe.
Normally, Microsoft revokes the verification of shims when they become outdated or security issues are identified. However, researchers have discovered eleven outdated shims that have been exploitable for years. The oldest of these bootloaders dates back to 2013.
The implications of this vulnerability extend beyond Windows systems, as shims are also used to enable Secure Boot on Linux. If an attacker gains access to one of these shims, they can install it on a system, circumventing security measures during startup and potentially introducing malware.
Eset reported these vulnerabilities to the Cert Coordination Center (Cert/CC), a U.S.-based nonprofit organization that collaborates with businesses and government entities to enhance cybersecurity and swiftly address critical issues. Following this report, Cert/CC informed Microsoft, leading to the revocation of the verification for the eleven shims. Users can expect updates with the new certificates as part of the "Patch Tuesday" rollout on June 9, 2026. Keeping Windows up to date should mitigate risks for those users, while Linux users will receive updates via the Linux Vendor Firmware Service.



