Researchers at security firm ESET have uncovered that Microsoft’s Secure Boot—a UEFI firmware safeguard used by both Windows and Linux—can be bypassed with legacy shim files that have remained vulnerable for most of its 14‑year lifespan. The team identified eleven firmware images, including one dating back to 2013, that were known to be defective yet continued to carry Microsoft’s signature.
Secure Boot depends on signed shim binaries to bridge the boot process between operating systems. Microsoft, which controls the signing and revocation of these shims, failed to withdraw the compromised images after their flaws were discovered. Because the shims remain trusted, a novice hacker can load them to break the required chain of digitally signed firmware.
The vulnerability enables an attacker to install malicious firmware that executes early in the boot sequence and survives OS reinstalls or hard‑drive replacements, affecting both Windows and Linux users. Security experts advise users to ensure their firmware is up to date and call on Microsoft to promptly revoke the affected shims while hardware vendors issue corrective updates.


