For a decade and a half, Microsoft’s Secure Boot—a feature designed to protect devices from firmware infections—has been effortlessly bypassed by hackers. Researchers at ESET uncovered this vulnerability, finding that outdated ‘shims’ used to support Linux on certain devices can be deployed as a backdoor, allowing malicious firmware installation.
This flaw isn’t just an inconvenience—it poses significant risks for both Windows and Linux users. With Secure Boot compromised, attackers can install bootkits, which remain active even after OS reinstallation or hard drive replacement. The discovery highlights the importance of revoking old, vulnerable shims to maintain security.
The threat extends beyond individual devices; it underscores a broader issue in how tech companies manage their security protocols and updates. As Martin Smolár from ESET points out, “no new vulnerability is needed” to bypass Secure Boot—a simple trick for even novice hackers can undermine one of the most essential security features.
The introduction of Secure Boot in 2012 aimed to counteract bootkits like LoJax and MosaicRegressor. Without it, attackers could use physical access to install persistent malware, making devices vulnerable long after they leave a manufacturer’s hands. This revelation calls into question the robustness of current security measures across the tech industry.
As we continue to rely on increasingly complex technology, this discovery serves as a stark reminder that no system is foolproof. It challenges us to reassess our trust in automated security systems and push for more rigorous and proactive approaches to cybersecurity.







