Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw

In recent years, malicious actors have developed a new form of malware that exploits vulnerabilities in UEFI (Unified Extensible Firmware Interface) firmware, which is found on many computers, especially those running Windows. This malware, dubbed ‘UEFI malware,’ takes a stealthy approach, bypassing even Secure Boot protections to affect user devices and giving attackers access to sensitive user data.

The ‘Secure Boot’ feature found on many devices is designed to prevent malicious code from making changes to a user’s Windows operating system and other protected data, making it very difficult for malware and bad actors to do any lasting damage. But in the case of UEFI malware, researchers have discovered a loophole in the Secure Boot system that allows attackers to gain access to a device, even if the Secure Boot feature is enabled.

By exploiting an unpatchable Windows flaw, the UEFI malware is able to modify existing Windows startup settings, such as the Registry and other key configuration files, without being detected by the Secure Boot feature. As a result, the malicious code can remain active even after the device has rebooted, running in the background without the user being aware of its presence.

Although Microsoft has released a patch for the specific Windows vulnerability that enables the UEFI malware, the update does not prevent the malicious code from executing on a device if the correct settings are already in place. In other words, devices that have been modified or “prepared” by malicious actors ahead of time to initiate the UEFI malware can still be targeted, even after the patch is applied.

In the future, we may see a rise in attacks targeting the bedrock of operating system security by exploiting other vulnerabilities found in the UEFI firmware. It is thus vital that users take the utmost care when protecting their devices against threats: performing regular scans with updated anti-virus and malware protection software, avoiding suspicious or mislabeled links and downloads, and ensuring all installed software is up to date.
