MICROSOFT'S Secure Boot, designed to protect devices from firmware infections, has been compromised for most of its existence, according to ESET researchers. The discovery involves 11 vulnerable firmware images, called "shims," which have remained unrevoked since their signing, allowing attackers to bypass Secure Boot easily. This affects both Windows and Linux users—attackers can exploit these shims without needing advanced skills.
The lapse stems from Microsoft's failure to revoke these shims when vulnerabilities were found, raising concerns about the complexity and effectiveness of Secure Boot as a security mechanism. Although Microsoft has since revoked the shims, users are advised to ensure their devices are updated to remain secure.