ESET has warned about vulnerabilities in old Unified Extensible Firmware Interface (UEFI) shim bootloaders signed by Microsoft that could allow attackers to bypass Secure Boot protections. There are 11 UEFI shims identified, mostly from version 0.9 and earlier, which were not updated by vendors and remained trusted in the Secure Boot chain. Vulnerabilities assigned CVE-2026-8863 and CVE-2026-10797 could potentially let attackers run untrusted code during the boot process.
Microsoft revoked these shims in June 2026, instructing system admins to update their signature databases carefully to prevent issues with newly updated boot components. The findings have raised concerns about the persistent trust in outdated shims, which may still pose risks.