Critical UEFI Secure Boot Vulnerability (CVE-2024-7344)

Recently, cybersecurity researchers uncovered a severe vulnerability within the Unified Extensible Firmware Interface (UEFI) Secure Boot system, tracked as CVE-2024-7344. This flaw allows attackers to bypass Secure Boot protections, enabling them to execute unauthorised code during the boot process. This type of vulnerability poses a significant threat, as it can lead to the deployment of persistent bootkits that compromise the integrity of a system.

What is UEFI Secure Boot?

The Unified Extensible Firmware Interface (UEFI) is a modern firmware standard that manages the initialisation of hardware and transfers control to the operating system (OS) during start-up. Secure Boot is a critical feature of UEFI designed to ensure that only trusted software signed by original equipment manufacturers (OEMs) is executed during the boot process. By verifying the digital signatures of bootloaders and other components, Secure Boot prevents unauthorised or malicious software from loading.

The CVE-2024-7344 Vulnerability Explained

The vulnerability, CVE-2024-7344, arises from the improper use of custom Portable Executable (PE) loaders in certain UEFI applications. These loaders bypass standard UEFI functions such as LoadImage and StartImage, failing to perform critical security checks. Instead, they permit the loading of any UEFI binary, including unsigned and potentially malicious ones, from a specially crafted file named cloak.dat.

This flaw enables attackers to execute untrusted code during system startup, effectively bypassing the Secure Boot mechanism. This opens the door for persistent threats, such as bootkits, which can embed themselves deeply into the firmware, making them difficult to detect and remove.

Affected Devices and Software

The vulnerability impacts several system recovery tools and software packages from multiple vendors, including:

These tools, signed using Microsoft’s UEFI Certificate Authority, are widely deployed, making this a significant issue across various industries.

Risks and Exploitation Scenarios

By exploiting CVE-2024-7344, attackers can achieve persistent access to a target system through the installation of UEFI bootkits. These bootkits operate at the firmware level, loading before the operating system, making them resistant to detection by conventional security tools. This persistence allows attackers to:

  • Maintain Stealth: Operate undetected for extended periods.
  • Exfiltrate Sensitive Data: Intercept credentials, encryption keys, and other critical information.
  • Compromise Entire Networks: Use the foothold to pivot to other systems within an organisation.

Such vulnerabilities are particularly concerning for enterprises, critical infrastructure, and government systems, where the compromise of a single system can have widespread consequences.

How to Mitigate the Vulnerability

Addressing this vulnerability requires prompt action from affected vendors and users. The following steps are essential to mitigate the risk:

  1. Apply Patches: Vendors have released updates to address the vulnerability in their respective products. Users must ensure that they are using the latest versions of these tools.
  2. Update Secure Boot Revocation Lists: Microsoft has revoked the affected UEFI binaries as part of its Patch Tuesday updates on 14 January 2025. Users should ensure that their systems’ Secure Boot revocation lists are up to date.
  3. Monitor System Integrity: Use tools capable of detecting unauthorised changes to firmware or the boot process. For example, employ UEFI integrity monitoring solutions.
  4. Enable Firmware-Level Security Features: Where supported, enable hardware-based protections, such as Intel Boot Guard or AMD Platform Secure Boot.
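Step 2 above is only effective if the revoked image hashes actually reached the platform's forbidden-signature database (dbx). The following added example, which is not code from the original article or from SecureTeam, parses the EFI_SIGNATURE_LIST structures that make up dbx and reports whether a given PE image hash is revoked; the two hashes in the constructed sample are placeholders, since the page does not list the real CVE-2024-7344 revocation entries.

```python
import struct
import uuid

# EFI_CERT_SHA256_GUID: signature type of SHA-256 image hashes in db/dbx (UEFI spec).
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")

def parse_signature_lists(blob: bytes):
    """Yield (type, owner, data) for every entry in concatenated EFI_SIGNATURE_LISTs."""
    offset = 0
    while offset < len(blob):
        if len(blob) - offset < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[offset:offset + 16])
        list_size, header_size, sig_size = struct.unpack_from("<III", blob, offset + 16)
        if list_size < 28 + header_size or offset + list_size > len(blob):
            raise ValueError("EFI_SIGNATURE_LIST size out of range")
        if sig_size < 16:  # each entry starts with a 16-byte SignatureOwner GUID
            raise ValueError("SignatureSize smaller than the SignatureOwner GUID")
        start, end = offset + 28 + header_size, offset + list_size
        if (end - start) % sig_size:
            raise ValueError("signature entries do not fill the list")
        for pos in range(start, end, sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            yield sig_type, owner, blob[pos + 16:pos + sig_size]
        offset += list_size

def revoked_sha256_hashes(blob: bytes) -> set:
    """Return the hex SHA-256 image hashes listed in a dbx blob."""
    return {d.hex() for t, _o, d in parse_signature_lists(blob) if t == EFI_CERT_SHA256_GUID}

def is_revoked(dbx_blob: bytes, image_sha256_hex: str) -> bool:
    """True if the PE image hash is in dbx, i.e. the firmware will refuse to load it."""
    return image_sha256_hex.lower() in revoked_sha256_hashes(dbx_blob)

def build_sha256_list(hashes_hex) -> bytes:
    """Encode one EFI_SIGNATURE_LIST of SHA-256 entries (used for constructed test data)."""
    body = b"".join(uuid.UUID(int=0).bytes_le + bytes.fromhex(h) for h in hashes_hex)
    header = EFI_CERT_SHA256_GUID.bytes_le + struct.pack("<III", 28 + len(body), 0, 48)
    return header + body

# Constructed sample dbx with two placeholder hashes; not real revocation entries.
SAMPLE_DBX = build_sha256_list(["11" * 32, "22" * 32])

if __name__ == "__main__":
    # On Linux the live dbx is /sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f;
    # strip its 4-byte attribute prefix before parsing. Here we use the constructed sample.
    for h in sorted(revoked_sha256_hashes(SAMPLE_DBX)):
        print("revoked:", h)
```

Point the parser at the live dbx variable (attribute prefix stripped) and compare it against the hashes published with the January 2025 revocation to confirm the update has been applied.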

Lessons and Best Practices

The discovery of CVE-2024-7344 highlights several critical lessons about the importance of firmware security:

  • Avoid Custom PE Loaders: Developers should rely on standard UEFI functions for loading and verifying binaries to ensure compliance with security best practices.
  • Regularly Update Firmware: Outdated firmware often contains vulnerabilities that attackers can exploit. Organisations should establish processes for timely updates, such as following Cyber Essentials principles by installing all High & Critical rated patches within 14 days of release.
  • Adopt Zero Trust Principles: Assume that all components, even those trusted previously, may be vulnerable, and continuously verify their integrity.
  • Educate IT Teams: Ensure that IT staff are trained in recognising and mitigating threats at the firmware level.
  • Conduct Regular Penetration Testing: Running regular network penetration tests across your estate helps to identify further vulnerabilities or Indicators of Compromise (IoCs).

The CVE-2024-7344 vulnerability underscores the critical need for vigilance in firmware security. As attackers increasingly target low-level systems to evade traditional defences, organisations must prioritise proactive measures to secure their infrastructure. By applying patches, maintaining up-to-date revocation lists, and leveraging advanced monitoring tools, organisations can mitigate the risks posed by this vulnerability and strengthen their overall cybersecurity posture.
