Microsoft has patched a significant security vulnerability that left Windows 11 vulnerable to malware attacks for over seven months. Users are strongly urged to apply the update immediately to secure their systems.
Microsoft patches critical Windows 11 vulnerability after seven months
The vulnerability, identified as CVE-2024-7344, allowed malicious actors to install harmful code on devices, bypassing many built-in security protections in Windows 11. It exploited a weakness in how certain third-party firmware utilities managed secure UEFI boot processes, granting attackers elevated system privileges and enabling their malicious payloads to remain undetected.
This issue arose from the manner in which some legitimate system utilities utilized Microsoft-approved digital certificates. Microsoft employs a strict manual review process for third-party firmware apps that operate during the secure boot phase. However, a researcher from security firm ESET discovered at least seven different vendors using a signed firmware component named “reloader.efi” insecurely.
Windows 11 24H2 is here but do not update yet!
These utilities could inadvertently bypass Microsoft’s security checks through a custom executable loader, allowing any firmware code, including unsigned binaries, to execute despite being blocked by secure boot protections. This vulnerability provided a pathway for sophisticated attackers to embed malware within legitimate utilities.
The vendors whose system utilities inadvertently exposed this risk include Howyar Technologies, Greenware, Radix, Sanfong, WASAY, CES, and SignalComputer. All have released updates to rectify the security issue. Additionally, Microsoft has revoked the digital certificates associated with the affected firmware versions to prevent exploitation of the vulnerability.
The persistence of the vulnerability for over seven months is notable, as ESET notified Microsoft of the issue in July 2024. There is no evidence that the vulnerability was actively exploited in real-world attacks, but its prolonged existence raises concerns regarding patch management.
Microsoft has issued an update to resolve CVE-2024-7344, and Windows 11 users should ensure they have all the latest patches installed, particularly those rolled out during the January 14th Patch Tuesday release.
Featured image credit: Windows/Unsplash
