The Hacker News ·EN News source AdvisoryUEFI Shim BootloaderSecure Boot
11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot
CVE Tools coverage
Researchers have identified 11 outdated, Microsoft-signed UEFI applications that could be exploited to bypass Secure Boot protections on modern systems. These vulnerabilities affect various Linux distributions and bootloaders from vendors including Red Hat, Oracle, and OpenSUSE. Attackers could leverage these flaws to execute arbitrary code during system startup, potentially deploying persistent malware like UEFI bootkits. The issues were addressed in Microsoft's June 2026 Patch Tuesday update and are tracked under CVE-2026-8863 and CVE-2026-10797.