Researchers have identified two methods that can completely bypass Secure Boot security, designed to ensure only secure operating systems load at startup. Microsoft is addressing one vulnerability in its recent security update but is leaving the other unaddressed for now. The main vulnerability discovered, CVE-2025-3052, allows physical access attackers to disable Secure Boot on numerous devices, paving the way for malicious software installation. This exploit could escalate to remote attacks if the attacker has administrator rights, thus undermining Secure Boot's purpose.
The discovery of two methods that bypass Secure Boot highlights significant vulnerabilities in devices designed to ensure secure OS loading.
Microsoft's recent patch addresses a vulnerability that allows physical access attackers to disable Secure Boot, affecting over 50 devices.
Collection
[
|
...
]