WINDOWS and Linux users are urged to update cryptographic keys that secure systems against UEFI firmware-based malware, with a deadline of June 24. The expiring Microsoft-signed certificates are essential for Secure Boot, which prevents bootkit attacks by ensuring only trusted code runs during startup. Bootkits, malicious software that operates before the OS, are notoriously difficult to detect and can compromise systems even after OS reinstalls.
The history of bootkits dates back to the 1980s, with notable instances such as LoJax and MosaicRegressor emerging in the last few years. Microsoft's development of Secure Boot aims to create a chain of trust and mitigate these risks. A recent vulnerability, LogoFail, has prompted Microsoft to replace old keys with new ones. Users should check for updates through security settings and may need to manually intervene on older machines.