Major Windows Secure Boot flaw can be used by hackers to install bootkit malware — update your PC right now
New flaw leaves most modern Windows PCs vulnerable to bootkit malware

Sometimes the features designed to keep our computers safe can put us most at risk thanks to a worrying security flaw that can be exploited by hackers in their attacks.
As reported by BleepingComputer, a new Secure Boot bypass (tracked as CVE-2025-3052) was recently discovered that can be used to disable Windows 11’s built-in security measures to install bootkit malware.
Unlike your typical Windows malware, bootkit malware targets your computer’s boot process, which allows an attacker to gain full control over your operating system before it even loads. To make matters worse, this type of malware is also persistent and can remain on your PC even after you reinstall Windows.
Here’s everything you need to know about this new Secure Boot flaw and why it’s imperative that you update your Windows PC right now to stay safe from any attacks exploiting it.
Bypassing Secure Boot
According to a new blog post, this flaw was discovered by Binarly security researcher Alex Matrosov after he found a BIOS-flashing utility online. Signed with Microsoft’s UEFI signing certificate, the utility in question was originally designed for rugged tablets. However, it can run on any of the best Windows laptops or desktops with Secure Boot enabled.
First introduced back in 2012 with the release of Windows 8, Secure Boot was created to protect against bootkit malware by ensuring that only trusted software could load during a PC’s startup sequence. Ironically, thanks to this flaw, Secure Boot-enabled PCs are now vulnerable to the very thing this security feature was designed to protect against.
Following an investigation, it was discovered that the vulnerable module in the utility found by Matrosov had been available online since at least the end of 2022, though it wasn’t until last year that it was uploaded to the malware detection service VirusTotal.
To show how serious this flaw was, he and the team at Binarly created a proof of concept (PoC) exploit that set the LoadImage function used to enforce Secure Boot to zero, which effectively disabled it. With this feature disabled, an attacker can install bootkit malware that can hide from both Windows and any security software installed on a system.
Back in February of this year, Matrosov disclosed the flaw to Microsoft and a fix for it was created. However, while it worked to address the flaw, the software giant determined that it impacted 13 other modules, which then had to be fixed as well.
How to keep your Windows PC safe
So how do you protect yourself from malware that starts before Windows even loads and can easily bypass the best antivirus software? Well, by updating your PC with the latest security updates from Microsoft.
In June’s Patch Tuesday updates, Microsoft has included a fix for this major security flaw along with patches for other recently discovered vulnerabilities. As part of that fix, the company has also added 14 new hashes to its Secure Boot dbx revocation list. Fortunately for you, this updated dbx file is contained within Microsoft’s latest round of Patch Tuesday updates.
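To confirm that the updated dbx actually reached a machine, the revocation list can be parsed and checked for the digests you expect. The sketch below is an added example, not code from Microsoft, Binarly or this article; the sample dbx, owner GUID and both digests are constructed placeholders, and the 14 real hashes must be taken from Microsoft's published dbx update.

```python
import hashlib
import struct
import uuid

# Signature-type GUIDs from the UEFI specification, in on-disk byte order.
EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328").bytes_le
EFI_CERT_X509 = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072").bytes_le
# EFI_SIGNATURE_LIST header: type GUID, list size, header size, signature size.
HEADER = struct.Struct("<16sIII")

def dbx_sha256_hashes(blob):
    """Return the set of SHA-256 digests (hex) revoked by a raw dbx variable."""
    found, offset = set(), 0
    while offset < len(blob):
        if len(blob) - offset < HEADER.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type, list_size, hdr_size, sig_size = HEADER.unpack_from(blob, offset)
        first, end = offset + HEADER.size + hdr_size, offset + list_size
        # Reject sizes that would read past the buffer or never advance.
        if sig_size < 16 or first > end or end > len(blob) or (end - first) % sig_size:
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {offset}")
        if sig_type == EFI_CERT_SHA256 and sig_size == 48:
            for pos in range(first, end, sig_size):
                # Each entry is a 16-byte owner GUID followed by the 32-byte digest.
                found.add(blob[pos + 16:pos + 48].hex())
        offset = end  # other list types (e.g. X.509 certificates) are skipped
    return found

def missing_revocations(blob, expected_hex):
    """Return the expected digests that the dbx does NOT contain yet."""
    present = dbx_sha256_hashes(blob)
    return sorted(h.lower() for h in expected_hex if h.lower() not in present)

def _make_list(sig_type, owner, entries):
    """Build one EFI_SIGNATURE_LIST (used only to construct the sample below)."""
    body = b"".join(owner + e for e in entries)
    return HEADER.pack(sig_type, HEADER.size + len(body), 0, 16 + len(entries[0])) + body

# Constructed sample data: a made-up owner GUID, a dummy certificate blob and
# two placeholder digests. None of these are the real revoked hashes.
OWNER = uuid.UUID("00000000-0000-0000-0000-000000000001").bytes_le
REVOKED_A = hashlib.sha256(b"constructed module A").hexdigest()
REVOKED_B = hashlib.sha256(b"constructed module B").hexdigest()
SAMPLE_DBX = (_make_list(EFI_CERT_X509, OWNER, [b"\x30\x82" + bytes(60)])
              + _make_list(EFI_CERT_SHA256, OWNER, [bytes.fromhex(REVOKED_A)]))
```

On Windows the raw bytes come from `(Get-SecureBootUEFI -Name dbx).Bytes`; on Linux, strip the 4-byte attribute prefix from the efivarfs dbx file before parsing. An empty result from `missing_revocations` means every expected digest is already revoked.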
While installing the latest Windows updates may seem tedious at times, I highly recommend that you stop and take the time to do so as Microsoft often includes fixes for a variety of different security flaws while also adding new features to its operating system.
Given that Patch Tuesday takes place on the second Tuesday of every month, at least you know ahead of time when these very important updates will arrive. This way, you can set aside the time needed to install them or better yet, set your PC to install them automatically.
When dealing with security flaws that can bypass your antivirus software, the best identity theft protection services can help you recover your identity as well as any funds lost to malware or other scams as a result of them. Keep in mind though that for identity theft insurance to pay out, you need to be signed up for one of these services before an attack takes place.
Although this Secure Boot bypass is worrying, it’s worth noting that it wasn’t exploited by hackers in the wild. Instead, security researchers created an exploit for it in order to show how dangerous this flaw could be if knowledge of it ended up in the wrong hands. Either way, it’s a great reminder as to why it’s so important to keep your PC (and all of the computers in your household for that matter) up to date.

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.