Windows 11 flaw lets hackers bypass Secure Boot protections

Fox News, 11-07-2025
Microsoft hasn't received much love for Windows 11, with many users still reluctant to ditch Windows 10 even four years after the newer OS launched. The main reasons include Microsoft's constant push to use its own services, strict hardware requirements and questionable interface changes.
But if you're looking for yet another reason to dislike Windows 11, security researchers recently uncovered a critical vulnerability affecting Secure Boot. This feature is supposed to prevent malware from loading during startup. Now, hackers can bypass that protection and silently infect systems. The flaw allows attackers to disable Secure Boot on nearly any modern Windows PC or server, leaving even fully updated devices open to stealthy, undetectable malware.
The vulnerability, tracked as CVE-2025-3052, was discovered by firmware security firm Binarly. They found that a legitimate BIOS update tool signed by Microsoft could be abused to tamper with the Windows boot process. Once exploited, the flaw allows attackers to shut off Secure Boot entirely. In the wrong hands, this vulnerability could lead to a new generation of malware. These threats could bypass even the most advanced antivirus or detection software.
At the center of the issue is a BIOS-flashing utility built for rugged tablets. Microsoft signed it using its UEFI CA 2011 certificate. Because that certificate is trusted on nearly every Secure Boot-enabled system, the tool can run without raising alarms. The danger lies in how the tool handles a specific NVRAM variable. Binarly's researchers found that it reads this variable blindly, without checking what's inside. That small oversight opens the door to a serious exploit.
In a demonstration, Binarly used a proof-of-concept attack to change this variable's value. By setting it to zero, they were able to overwrite a global setting critical to enforcing Secure Boot. That action completely disabled Secure Boot protections. Once that happens, unsigned UEFI modules can run freely. Attackers can then install stealthy, low-level malware known as bootkits, malware that operates below the Windows operating system itself. For hackers, this method offers the ultimate persistence.
Binarly reported the flaw to CERT/CC in February 2025. At first, it appeared to affect only a single module. But Microsoft's deeper investigation uncovered a bigger problem. The same vulnerability affected 14 modules signed with the same trusted certificate. Microsoft responded in June 2025 by revoking the cryptographic hashes of all 14 affected modules. These hashes were added to the Secure Boot revocation list, known as the dbx. This prevents the modules from running during startup. However, this protection is not automatic. Unless users or organizations manually apply the updated dbx, their systems remain vulnerable, even with other patches installed.
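The dbx check described above, as an added example that is not part of the original article or of Microsoft's tooling: it parses the EFI_SIGNATURE_LIST structures that make up the dbx and reports which expected SHA-256 revocations are absent. The digests and the all-zero owner GUID are constructed placeholders, because the article does not list the 14 revoked hashes.

```python
import hashlib
import struct
import uuid

# EFI_CERT_SHA256_GUID from the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
LIST_HEADER = struct.Struct("<16sIII")  # type GUID, list size, header size, signature size


def parse_sha256_entries(blob):
    """Return the SHA-256 digests (hex) found in concatenated EFI_SIGNATURE_LISTs."""
    digests = set()
    offset = 0
    while offset < len(blob):
        if len(blob) - offset < LIST_HEADER.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        raw_guid, list_size, hdr_size, sig_size = LIST_HEADER.unpack_from(blob, offset)
        if list_size < LIST_HEADER.size + hdr_size or offset + list_size > len(blob):
            raise ValueError("EFI_SIGNATURE_LIST size field out of bounds")
        body_start = offset + LIST_HEADER.size + hdr_size
        body_end = offset + list_size
        if uuid.UUID(bytes_le=raw_guid) == EFI_CERT_SHA256_GUID:
            # Each EFI_SIGNATURE_DATA is a 16-byte owner GUID plus the 32-byte digest.
            if sig_size != 16 + 32 or (body_end - body_start) % sig_size:
                raise ValueError("malformed SHA-256 signature list")
            for pos in range(body_start, body_end, sig_size):
                digests.add(blob[pos + 16:pos + sig_size].hex())
        offset = body_end  # other list types (e.g. X.509 certificates) are skipped
    return digests


def missing_revocations(dbx_blob, required_hex):
    """Return the required digests that are NOT present in the dbx contents."""
    present = parse_sha256_entries(dbx_blob)
    return sorted(h.lower() for h in required_hex if h.lower() not in present)


def build_sha256_list(digests, owner=uuid.UUID(int=0)):
    """Build a constructed EFI_SIGNATURE_LIST (demo input only)."""
    body = b"".join(owner.bytes_le + d for d in digests)
    header = LIST_HEADER.pack(EFI_CERT_SHA256_GUID.bytes_le,
                              LIST_HEADER.size + len(body), 0, 48)
    return header + body


# Constructed placeholder digests; the real revoked hashes are not in the article.
REVOKED_A = hashlib.sha256(b"placeholder-module-a").digest()
REVOKED_B = hashlib.sha256(b"placeholder-module-b").digest()
OLD_DBX = build_sha256_list([REVOKED_A])                     # before the update
NEW_DBX = OLD_DBX + build_sha256_list([REVOKED_B])           # after the update
```

On a live system the input would be the raw dbx variable (for example the `Bytes` property returned by PowerShell's `Get-SecureBootUEFI dbx`, or the Linux efivarfs dbx file minus its 4-byte attribute prefix), and the digests to look for are Authenticode image hashes, not plain file hashes.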
Binarly revealed that the vulnerable tool had been online since late 2022. Someone uploaded it to VirusTotal in 2024, but it went unnoticed for months. At this point, it's unclear whether any attackers have used it in the wild. We reached out to Microsoft for comment but did not receive a response before our deadline.
Protecting your PC doesn't have to be complicated. Just follow these simple steps to keep hackers at bay and your information safe.
1. Keep your computer updated: Software updates aren't just about new features. They fix serious security issues. In this case, Microsoft has already released a fix for the Secure Boot vulnerability, but it only works if your system is fully updated. Just head to your settings, open Windows Update, and make sure everything is installed. A lot of people delay updates for weeks, but these patches are the first line of defense against threats like this.
2. Don't install tools you don't fully understand: It might be tempting to download apps that claim to speed up your computer or fix problems, especially ones recommended in YouTube videos or tech forums. But that's exactly how a lot of threats sneak in. This particular vulnerability came from a legitimate-looking tool that was misused. So, if you're not sure what something does or if it asks for permission to change how your system boots up, skip it. Or ask someone who knows more, before you click anything.
3. Use strong antivirus software and leave it running: Even though this new threat targets something deep inside the system, having strong antivirus protection still helps catch related malware. If you're on Windows, Defender is already built in and does a decent job. But if you don't want to rely on Windows' built-in tools, use a third-party antivirus.
4. Restart your computer every now and then: This one sounds basic, but it matters. A lot of updates don't fully apply until after a restart. If you keep putting your computer to sleep or hibernating it for days at a time, your system might still be stuck in an unsafe state. Try to restart it at least every couple of days, or whenever an update asks for it.
5. Don't ignore warnings from Windows or your antivirus: If something pops up telling you a file looks dangerous or that an update is needed, pay attention. It's easy to get into the habit of closing these messages without reading them, but that's how problems get missed. If a warning looks confusing or too technical, take a screenshot or a photo, and ask someone for help. The important thing is not to ignore it and move on.
6. Remove your personal data from people-search sites: Even if hackers don't directly target you through the Secure Boot flaw, many cyberattacks begin by gathering personal information that's easily found online. This can include your full name, address, phone number and even the names of your relatives. Data broker websites collect and publish this information without your consent, putting you at greater risk. Using a personal data removal service helps you reduce your online exposure and make it harder for bad actors to target you.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren't cheap - and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It's what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Secure Boot is supposed to be a final safeguard, a last barrier that ensures only verified code can load when a device starts. But this vulnerability shows how easily that trust can be broken. If a single signed utility can disable the entire system's protection, then the foundation of device security starts to look worryingly thin.
Copyright 2025 CyberGuy.com. All rights reserved.