UEFI

Winsage
June 22, 2025
Microsoft plans to discontinue support for Windows 10 on October 14, 2025, despite a strong preference for it among users. As of June 2025, Windows 10's market share dropped from 66% to 49%, while Windows 11's share increased from 29% to over 47%. The gap between the two operating systems has narrowed to 1%. Microsoft has implemented full-screen reminders to encourage users to upgrade to Windows 11, branding 2025 as the "year of the Windows 11 PC refresh." Windows 11 adoption has increased, but many PCs are unable to upgrade due to stringent minimum system requirements, which include a 64-bit processor, at least 4GB of RAM, 64GB of storage, UEFI firmware with Secure Boot, and TPM version 2.0. Microsoft introduced a new category of Windows 11 PCs called Copilot+ PCs, which feature advanced capabilities and security measures. Starting October 14, 2025, users on Windows 10 will not receive free updates, leaving them vulnerable to security risks. Users whose PCs do not meet the requirements for Windows 11 can either buy new machines or subscribe to the Extended Security Updates (ESU) program for continued support. Enterprise users will pay £48 for the first year of ESU, increasing to £192 for the third year, while consumers can access it for £24 for an additional year. Some users are exploring alternatives like Linux or ChromeOS Flex for older hardware.
Winsage
June 12, 2025
The FAA is requesting a budget allocation of .0 billion for fiscal year 2026, in addition to a previously committed .0 billion, to address critical infrastructure needs. The agency aims to modernize its outdated telecommunications infrastructure, including the air traffic control (ATC) system, which currently relies on antiquated technology such as paper strips, floppy disks, and Windows 95 computers. The FAA has a four-year timeline for overhauling the ATC system, which poses significant challenges and risks to aviation safety. Additionally, there is a need to replace the existing radar system and transition to a modern IP-based network, requiring careful consideration of security measures and operational dynamics.
Winsage
June 12, 2025
Recent findings have identified two vulnerabilities in various UEFI BIOS versions from multiple manufacturers, compromising the Secure Boot mechanism. These vulnerabilities allow attackers to bypass Secure Boot protections and replace firmware, particularly in Insyde BIOSes. The issues stem from unprotected NVRAM variables, specifically the "IhisiParamBuffer," which can be manipulated to execute unsigned UEFI binaries. Affected UEFI applications include "DTBios" and "BiosFlashShell" from DTResearch, with a CVSS score of 8.2. Microsoft has added 14 new hashes to its DBX database to mitigate these risks. Additionally, a vulnerability in the Insyde H2O UEFI firmware app allows attackers to inject their own digital certificates due to the insecure handling of the "SecureFlashCertData" variable, which is incorrectly treated as trusted memory. This flaw, known as "Hydroph0bia," has a CVSS score of 7.8 and enables unauthorized execution of firmware signed with manipulated certificates. Manufacturers are urged to provide firmware updates to address these vulnerabilities, as inconsistent support for locking UEFI variables raises security concerns.
Winsage
June 11, 2025
The second Tuesday of each month is when Microsoft releases monthly security updates for Windows. A significant zero-day vulnerability, CVE-2025-3052, has been identified, affecting all Windows users and allowing a Secure Boot bypass. This vulnerability could compromise system integrity by enabling malware to infiltrate Windows PCs and servers. CVE-2025-3052 is classified as a memory corruption issue within a module signed with Microsoft’s third-party UEFI certificate; it allows unsigned code to execute during the boot process, potentially allowing attackers to install bootkits.
Winsage
June 11, 2025
Researchers at Binarly have identified a critical vulnerability in a widely trusted BIOS update utility that operates on most modern systems using UEFI firmware. This utility, signed with Microsoft’s UEFI CA 2011 certificate, contains a flaw that could be exploited by malicious actors to disable essential security measures and install bootkit malware on personal computers. Microsoft addressed the issue by including a fix in its June 2025 Patch Tuesday cumulative update. The UEFI Secure Boot process is crucial for maintaining system integrity by verifying the authenticity of bootloaders and operating systems.
Winsage
June 11, 2025
Microsoft's June updates address a significant vulnerability identified as CVE-2025-3052, which allows attackers to gain control over a PC via bootkit malware by bypassing the Secure Boot feature. This memory corruption issue enables unsigned code to run during the boot process, compromising the system's chain of trust. The vulnerability allows an attacker to sign a compromised UEFI application with Microsoft’s third-party certificates, granting it unrestricted execution rights. Although the flaw has not been exploited in real-world scenarios, it has been present since late 2022. Microsoft has released a patch for this flaw, and users of Windows 10 or 11 are advised to download the latest updates to protect their PCs. Additionally, June's Patch Tuesday addressed a total of 66 weaknesses, including another Secure Boot flaw (CVE-2025-4275) and a zero-day vulnerability (CVE-2025-33053).
Winsage
May 28, 2025
Microsoft has not changed the official requirements for Windows 11 since its launch. Users need a compatible 64-bit processor (1GHz or faster with at least two cores), a minimum of 4GB of RAM, and 64GB of storage. Essential features include UEFI firmware that supports Secure Boot and TPM version 2.0, DirectX 12 compatible graphics with a WDDM 2.0 driver, and displays of at least 9 inches with a resolution of 720p. Microsoft allows experienced users to manually install Windows 11 on unsupported devices at their own risk, but this is not advisable due to potential issues. The strict requirements are intended to enhance security and performance. Users can check compatibility with the PC Health Check Tool. Microsoft will support Windows 10 until October 14, 2025, after which there will be no official support. For those whose systems do not meet the specifications, upgrading hardware or purchasing a new PC may be necessary.
Tech Optimizer
May 27, 2025
Hackers are increasingly targeting the startup sequence of systems, focusing on BIOS, UEFI, and bootloaders, which allows them to bypass traditional operating system defenses. Firmware threats often evade conventional security measures, providing attackers with a persistent foothold. Notable bootkits like BlackLotus, BootHole, and EFILock exploit vulnerabilities in boot components, even those protected by Secure Boot. Attackers can embed malicious code in firmware or replace legitimate bootloaders, maintaining control through OS reinstalls and hardware replacements. Common attack vectors include compromised storage, network connections, or console inputs during boot. Malicious code can execute before security software activates, and attackers may exploit misconfigured or outdated signature databases, as well as downgrade attacks on older firmware versions. To mitigate these threats, organizations should enforce Secure Boot policies, regularly update signature databases, and monitor boot behavior for anomalies.