Secure Boot Archives

Winsage

June 16, 2025

With Windows 10 EOL On the Horizon, It’s Time to Replace Rather Than Upgrade

The end of support for Windows 10 is set for October 14, 2025, after which users will not receive security updates, bug fixes, or technical support, exposing them to cyber threats. Many legacy PCs do not meet the system requirements for Windows 11, leading to potential compatibility issues and performance problems if upgraded. Investing in a new Windows 11-compatible PC ensures better performance, energy efficiency, and long-term support, with built-in security features like TPM 2.0 and Secure Boot. Transitioning to Windows 11 offers advantages such as an improved user interface, integrated AI tools, enhanced default apps, personalizable workspaces, and better visuals. Continuing to use an unsupported Windows platform after 2025 can result in compliance issues, data loss, and increased maintenance costs. Replacing hardware rather than upgrading can mitigate these risks and ensure access to ongoing security features.

Winsage

June 13, 2025

Microsoft: KB5060533 update triggers boot errors on Surface Hub v1 devices

Microsoft is addressing an issue with Surface Hub v1 devices running Windows 10, version 22H2, where users encounter Secure Boot errors after installing the KB5060533 security update released in June 2025. The error message states: 'Secure Boot Violation. Invalid signature detected. Check Secure Boot Policy in Setup.' This issue is specific to Surface Hub v1 and does not affect Surface Hub 2S and Surface Hub 3 models. Microsoft implemented a mitigation strategy on July 11, 2025, to prevent further startup failures on additional Surface Hub v1 devices. The KB5060533 update aimed to fix issues with Hyper-V virtual machines and was part of a larger rollout addressing 66 vulnerabilities, including critical ones related to WebDAV and Windows SMB. Additionally, an emergency update for Windows 11 (KB5063060) was released to fix an incompatibility with Easy Anti-Cheat causing BSOD errors.

Winsage

June 11, 2025

Microsoft Windows Secure Boot Bypass Confirmed

The second Tuesday of each month is when Microsoft releases monthly security updates for Windows. A significant zero-day vulnerability, CVE-2025-3052, has been identified, affecting all Windows users and allowing a Secure Boot bypass. This vulnerability could compromise system integrity by enabling malware to infiltrate Windows PCs and servers. CVE-2025-3052 is classified as a memory corruption issue within a module signed with Microsoft’s third-party UEFI certificate and can execute unsigned code during the boot process, potentially allowing attackers to install bootkits.

Winsage

June 11, 2025

A worrying Windows SecureBoot issue could let hackers install malware – here’s what we know, and whether you need to update

Researchers at Binarly have identified a critical vulnerability in a widely trusted BIOS update utility that operates on most modern systems using UEFI firmware. This utility, signed with Microsoft’s UEFI CA 2011 certificate, contains a flaw that could be exploited by malicious actors to disable essential security measures and install bootkit malware on personal computers. Microsoft addressed the issue by including a fix in its June 2025 Patch Tuesday cumulative update. The UEFI Secure Boot process is crucial for maintaining system integrity by verifying the authenticity of bootloaders and operating systems.

Winsage

June 11, 2025

Patch your Windows PC now before bootkit malware takes it over

Microsoft's June updates address a significant vulnerability identified as CVE-2025-3052, which allows attackers to gain control over a PC via bootkit malware by bypassing the Secure Boot feature. This memory corruption issue enables unsigned code to run during the boot process, compromising the system's chain of trust. The vulnerability allows an attacker to sign a compromised UEFI application with Microsoft’s third-party certificates, granting it unrestricted execution rights. Although the flaw has not been exploited in real-world scenarios, it has been present since late 2022. Microsoft has released a patch for this flaw, and users of Windows 10 or 11 are advised to download the latest updates to protect their PCs. Additionally, June's Patch Tuesday addressed a total of 66 weaknesses, including another Secure Boot flaw (CVE-2025-4275) and a zero-day vulnerability (CVE-2025-33053).

Winsage

June 11, 2025

Upgrading Windows 10 to 11: Here’s everything you need to know

Microsoft is offering a free upgrade from Windows 10 to Windows 11 for eligible devices that meet the minimum system requirements and use the appropriate upgrade tools. Official support for Windows 10 will end on October 14, 2025, after which Microsoft will stop providing free security updates, technical support, and bug fixes. Users can obtain a paid Extended Security Updates (ESU) program for an additional year of critical security updates. Windows 11 requires specific hardware prerequisites, including TPM 2.0 and compatible processors. Users can check their PC's eligibility for the update using the free PC Integrity Checker app. To upgrade, users can download the Windows 11 Installation Wizard or use the Rufus tool to create a bootable USB stick for installation. Backing up data before upgrading is recommended.

Winsage

June 1, 2025

We installed SteamOS on our ROG Ally and Legion Go Windows handhelds and we don’t want to go back

SteamOS has been released for non-Steam Deck gaming handhelds, including the ASUS ROG Ally and Lenovo Legion Go. To install SteamOS, users need a USB-C stick and the SteamOS recovery image, which can be downloaded from Steam's website. The installation process involves creating a bootable USB drive using the Rufus utility, adjusting BIOS settings to disable Secure Boot, and following specific steps to wipe the device and install SteamOS. After installation, users can set up their Steam account and check for updates. The transition to SteamOS enhances performance and visual fidelity for these devices.

Winsage

May 29, 2025

Forced E-Waste PCs And The Case Of Windows 11’s Trusted Platform

The process of upgrading Windows operating systems was straightforward until Windows 11, which introduced a new requirement for a Trusted Platform Module (TPM), potentially rendering many capable PCs obsolete. The TPM is used for boot validation and storing biometric data, but it complicates data recovery and may lock out legitimate users. Users have found ways to bypass Windows 11's TPM and CPU restrictions, allowing installation on unsupported hardware. Microsoft’s enforcement of these requirements remains uncertain, raising concerns about system reliability and user access to updates. Many users are opting to stay on Windows 10 while advocating for continued support from developers.

Winsage

May 28, 2025

Did Microsoft Change Windows 11 Requirements? – Here’s the Truth

Microsoft has not changed the official requirements for Windows 11 since its launch. Users need a compatible 64-bit processor (1GHz or faster with at least two cores), a minimum of 4GB of RAM, and 64GB of storage. Essential features include UEFI firmware that supports Secure Boot and TPM version 2.0, DirectX 12 compatible graphics with a WDDM 2.0 driver, and displays of at least 9 inches with a resolution of 720p. Microsoft allows experienced users to manually install Windows 11 on unsupported devices at their own risk, but this is not advisable due to potential issues. The strict requirements are intended to enhance security and performance. Users can check compatibility with the PC Health Check Tool. Microsoft will support Windows 10 until October 14, 2025, after which there will be no official support. For those whose systems do not meet the specifications, upgrading hardware or purchasing a new PC may be necessary.

Tech Optimizer

May 27, 2025

BIOS and Bootloaders in the Crosshairs: Growing Firmware Threats

Hackers are increasingly targeting the startup sequence of systems, focusing on BIOS, UEFI, and bootloaders, which allows them to bypass traditional operating system defenses. Firmware threats often evade conventional security measures, providing attackers with a persistent foothold. Notable bootkits like BlackLotus, BootHole, and EFILock exploit vulnerabilities in boot components, even those protected by Secure Boot. Attackers can embed malicious code in firmware or replace legitimate bootloaders, maintaining control through OS reinstalls and hardware replacements. Common attack vectors include compromised storage, network connections, or console inputs during boot. Malicious code can execute before security software activates, and attackers may exploit misconfigured or outdated signature databases, as well as downgrade attacks on older firmware versions. To mitigate these threats, organizations should enforce Secure Boot policies, regularly update signature databases, and monitor boot behavior for anomalies.