UEFI certificate

Winsage
June 11, 2025
Microsoft releases its monthly security updates for Windows on the second Tuesday of each month. A significant zero-day vulnerability, CVE-2025-3052, has been identified; it affects all Windows users and allows a Secure Boot bypass. This vulnerability could compromise system integrity by enabling malware to infiltrate Windows PCs and servers. CVE-2025-3052 is classified as a memory corruption issue within a module signed with Microsoft’s third-party UEFI certificate; it can be used to execute unsigned code during the boot process, potentially allowing attackers to install bootkits.
Winsage
February 6, 2025
Microsoft has released a PowerShell script to help users and administrators update bootable media so that it uses the "Windows UEFI CA 2023" certificate. This update is in response to the BlackLotus UEFI bootkit, which can bypass Secure Boot and disable Windows security features. Microsoft issued prior updates in March 2023 and plans additional measures for July 2024, addressing a Secure Boot bypass vulnerability (CVE-2023-24932). The fix will be rolled out in phases, with full enforcement anticipated by 2026. The update will include the "Windows UEFI CA 2023" certificate in the UEFI Secure Boot Signature Database and revoke the "Windows Production CA 2011" certificate for older boot managers. Administrators are advised to update bootable media to use the new certificate to avoid booting issues. The PowerShell script is compatible with various media formats and requires the Windows ADK. Microsoft recommends thorough testing before the enforcement phase, which will begin by the end of 2026, with a six-month notice prior to implementation.