The vulnerability arises due to the use of a non-standard, custom PE loader, which undermines the secure UEFI functions meant to protect system integrity during boot.
Successful exploitation of the CVE-2024-7344 vulnerability could lead to the execution of untrusted code, enabling attackers to deploy UEFI bootkits, even with Secure Boot enabled.
Secure Boot, a vital UEFI mechanism, is designed to prevent malware by ensuring only trusted software is loaded during system startup, highlighting the significance of the identified vulnerability.
Affected applications include real-time recovery software from various vendors, thereby impacting a range of systems that rely on these UEFI applications for legitimate functionalities.
Collection
[
|
...
]