Microsoft has addressed a critical security vulnerability (CVE-2024-7344) affecting Windows 11, which had remained unpatched for over seven months, exposing the system to potential malware attacks.
Details of the vulnerability
The vulnerability allowed malicious actors to infiltrate devices and bypass many of Windows 11's built-in security defenses. It exploited a flaw in the handling of secure UEFI boot processes by certain third-party firmware utilities, granting attackers elevated system privileges.
This flaw made it possible for malicious payloads to hide from detection, as firmware-based attacks are notably difficult to identify. The issue originated from how some legitimate system utilities improperly utilized Microsoft-approved digital certificates during the secure boot phase.
Involvement of third-party vendors
A researcher at security firm ESET identified that at least seven vendors were using a signed firmware component known as “reloader.efi” insecurely. These vendors included Howyar Technologies, Greenware, Radix, Sanfong, WASAY, CES, and SignalComputer. They all released updates following the discovery to mitigate the risk associated with their system utilities.
By utilizing a custom executable loader, these utilities could inadvertently bypass Microsoft’s security checks, allowing the execution of any firmware code, including unsigned binaries that should have been blocked by secure boot protections. This vulnerability enabled sophisticated attackers to potentially attach malware to trusted utilities.
Response from Microsoft
Microsoft responded by revoking the digital certificates for the affected firmware versions, a step intended to prevent attackers from exploiting this security hole. Although the vulnerability persisted for a long time after ESET reported it to Microsoft in July 2024, there is no evidence that hackers exploited the issue in actual attacks.
Microsoft has released an update to resolve CVE-2024-7344, and Windows 11 users are advised to ensure they have installed all relevant patches, particularly from the January 14th Patch Tuesday release.




