UEFI Secure Boot: Microsoft blocks insecure boot loaders via Windows update


UEFI boot loaders from three companies contain vulnerabilities that can be used to bypass Secure Boot. Microsoft is responding with a Windows update.

Via Windows update KB5012170, Microsoft blocks three insecure boot loaders from Eurosoft (UK) Ltd., New Horizon Datasys and Cryptware, so that they are no longer loaded when Secure Boot is active. The update is available for Windows 8.1, 10 and 11 as well as all Windows Server versions from 2012 onwards.

The block works via the so-called DBX signature database, which every UEFI firmware stores in non-volatile memory. With Secure Boot enabled, the firmware checks each boot loader before loading it: the loader runs only if its signature or hash is in the list of allowed signatures (DB) and not in the list of forbidden signatures (DBX).
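To make the DB/DBX decision concrete, here is an added example (not code from the article or from Microsoft) that parses the EFI_SIGNATURE_LIST structures in which db and dbx payloads are stored and applies the simplified "in DB and not in DBX" rule to constructed loader images; it assumes hash-based entries only and hashes raw bytes rather than the PE Authenticode digest that real firmware uses.

```python
import hashlib
import struct
import uuid

# GUID for SHA-256 hash entries, as defined in the UEFI specification (EFI_CERT_SHA256_GUID).
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# SignatureType (16 bytes) + SignatureListSize, SignatureHeaderSize, SignatureSize (3 x uint32 LE)
SIG_LIST_HEADER = 28


def parse_signature_lists(blob: bytes) -> list[tuple[uuid.UUID, list[bytes]]]:
    """Walk the concatenated EFI_SIGNATURE_LIST structures that make up a db or dbx payload."""
    lists, off = [], 0
    while off < len(blob):
        if len(blob) - off < SIG_LIST_HEADER:
            raise ValueError("truncated EFI_SIGNATURE_LIST header at offset %d" % off)
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        data_len = list_size - SIG_LIST_HEADER - hdr_size
        if off + list_size > len(blob) or sig_size <= 16 or data_len < 0 or data_len % sig_size:
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % off)
        data_start = off + SIG_LIST_HEADER + hdr_size
        # Each EFI_SIGNATURE_DATA entry is a 16-byte SignatureOwner GUID followed by the signature itself.
        entries = [blob[e + 16:e + sig_size] for e in range(data_start, off + list_size, sig_size)]
        lists.append((sig_type, entries))
        off += list_size
    return lists


def build_sha256_list(hashes: list[bytes]) -> bytes:
    """Build one EFI_SIGNATURE_LIST of SHA-256 entries (constructed data for this demonstration)."""
    owner = uuid.UUID(int=0).bytes_le  # SignatureOwner is left as the nil GUID here
    body = b"".join(owner + h for h in hashes)
    return EFI_CERT_SHA256_GUID.bytes_le + struct.pack("<III", SIG_LIST_HEADER + len(body), 0, 16 + 32) + body


def sha256_entries(blob: bytes) -> set[bytes]:
    """All SHA-256 hashes in a db/dbx payload; certificate lists (other GUIDs) are ignored here."""
    return {h for t, entries in parse_signature_lists(blob) if t == EFI_CERT_SHA256_GUID for h in entries}


def secure_boot_allows(image: bytes, db: bytes, dbx: bytes) -> bool:
    """Simplified policy: the image hash must appear in db and must not appear in dbx.
    Real firmware hashes the PE Authenticode digest and also accepts certificate-based
    entries; this demonstration hashes the raw bytes and only handles hash entries."""
    digest = hashlib.sha256(image).digest()
    return digest in sha256_entries(db) and digest not in sha256_entries(dbx)
```

On a Linux machine the same parser can be pointed at the live variable, /sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f, after stripping the 4-byte attribute prefix that efivarfs prepends, to list which hashes a firmware currently revokes.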

Such retroactive blocks happen occasionally when vulnerabilities in boot loaders become known. These gaps are particularly insidious because they allow manipulation at the lowest system level, before the operating system and its built-in security mechanisms even start.

In the most recent case, the security company Eclypsium discovered the vulnerabilities:

  • CVE-2022-34301 – Eurosoft (UK) Ltd
  • CVE-2022-34302 – New Horizon Datasys Inc
  • CVE-2022-34303 – CryptoPro Secure Disk for BitLocker

The crux of the matter: the three companies have so far said nothing about the problems, so it is not known which of their tools ship the affected boot loaders. After the Windows update, which changes the DBX database on the systems, software that relies on the faulty boot loaders no longer starts.

By updating the DBX database, Microsoft makes up for the omissions of the companies named, as far as it can.