Microsoft is pushing Windows 11 harder, using assertive tactics such as full-screen, multi-page pop-up ads urging Windows 10 users to upgrade before support ends on the expected date of October 14, 2025. Even so, Windows 10 still holds a commanding lead in market share at 62.73%, according to StatCounter's December 2024 figures.
Some users are hesitant to upgrade because Microsoft's compatibility requirements for Windows 11 are strict, excluding devices that lack components such as Secure Boot and a Trusted Platform Module (TPM).
Although these built-in protections are meant to safeguard Windows 11, a vulnerability (CVE-2024-7344) has been open to exploitation for roughly seven months, potentially exposing affected systems to attack. Microsoft has only recently addressed it with a patch.
In simpler terms, the flaw allowed an attacker to compromise a device before it had fully booted and run malicious code at that stage. Secure Boot is a core requirement for Windows 11 precisely because it is supposed to stop untrusted startup software from running during the boot process.
As an analyst, I've noticed that attackers frequently target the pre-boot stage. Code that runs before Windows loads is hard to detect, and malware that gets in at that level is largely out of reach of the operating system's built-in defenses.
UEFI security: Win some, lose some
According to Ars Technica's report, ESET security researcher Martin Smolár uncovered a surprising finding last year: a digitally signed application had passed Microsoft's rigorous manual review process for third-party UEFI apps despite being unsafe. The application was SysReturn, a real-time system recovery product from Howyar Technologies. Smolár found that the problem lay in a UEFI binary it shipped, named reloader.efi, which concealed an XOR-encoded payload.
Microsoft's review process expects signed UEFI apps to load further code through the firmware's LoadImage and StartImage services, which are the points where Secure Boot verifies signatures. reloader.efi instead used its own custom PE (Portable Executable) loader, which sidestepped Microsoft's review and skipped those essential security checks: whatever it loaded was never signature-verified. reloader.efi was also not exclusive to Howyar Technologies' recovery software; it turned up consistently in products from six other vendors, including:
- Howyar SysReturn before version 10.2.023_20240919
- Greenware GreenGuard before version 10.2.023-20240927
- Radix SmartRecovery before version 11.2.023-20240927
- Sanfong EZ-back System before version 10.3.024-20241127
- WASAY eRecoveryRX before version 8.4.022-20241127
- CES NeoImpact before version 10.1.024-20241127
- SignalComputer HDD King before version 10.3.021-20241127
Microsoft has since fixed the vulnerability, but while it was open it gave attackers more to work with than just devices shipped with the malicious software pre-installed. An attacker who already held administrative privileges on a vulnerable Windows PC could abuse the signed binary to install malware that runs during the startup process, making the installation effortless.
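The two indicators this article gives a defender are a file name (reloader.efi) and a hiding technique (a second PE binary embedded under XOR encoding and loaded by a custom loader rather than through LoadImage/StartImage). The following Python script is an added example, not ESET's or Microsoft's tooling, that turns those two indicators into a triage check over a mounted EFI System Partition: it flags .efi files by name and scans each one for an embedded PE header that only appears after single-byte XOR decoding. The single-byte key width, the minimal PE layout and the sample ESP directory are all constructed assumptions for the demo; the article does not state the real key or file hashes, so a name match alone should be treated as a prompt for closer inspection, not proof.

```python
"""Triage scanner for a mounted EFI System Partition (ESP).

Added example (not from the article or from ESET/Microsoft). It looks for:
  1. .efi files with a file name the article names as vulnerable (reloader.efi)
  2. .efi files that contain a second PE image hidden under single-byte XOR,
     the hiding technique described for reloader.efi (key width is an assumption)
The sample ESP and sample binaries are constructed in a temp directory.
"""
import os
import struct
import tempfile

# Constructed: the only name the article supplies. Real triage would add hashes.
SUSPECT_NAMES = {"reloader.efi"}


def build_minimal_pe() -> bytes:
    """Constructed minimal PE: DOS header with e_lfanew -> 'PE\\0\\0' signature."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 60, 64)          # e_lfanew = 64 (right after DOS header)
    return bytes(dos) + b"PE\0\0" + b"\x64\x86" + b"\0" * 40   # machine = x64, padding


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def find_xor_embedded_pe(data: bytes, keys=range(1, 256)):
    """Return (key, offset) pairs where XOR-decoding with a single-byte key
    yields an 'MZ' header whose e_lfanew points at a valid 'PE\\0\\0' signature.
    Key 0 (plaintext) is deliberately excluded: the outer image is itself a PE."""
    hits = []
    for key in keys:
        encoded_mz = xor_bytes(b"MZ", key)
        start = 0
        while True:
            off = data.find(encoded_mz, start)
            if off < 0:
                break
            start = off + 1
            if off + 64 > len(data):
                continue
            e_lfanew = struct.unpack_from("<I", xor_bytes(data[off + 60:off + 64], key))[0]
            # Sanity bound on e_lfanew cuts false positives from random byte pairs.
            if e_lfanew < 64 or e_lfanew > 4096 or off + e_lfanew + 4 > len(data):
                continue
            if xor_bytes(data[off + e_lfanew:off + e_lfanew + 4], key) == b"PE\0\0":
                hits.append((key, off))
    return hits


def scan_esp(root: str):
    """Walk an ESP mount point and return [(relative_path, [reasons...]), ...]."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".efi"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            reasons = []
            if name.lower() in SUSPECT_NAMES:
                reasons.append("known-vulnerable file name")
            hits = find_xor_embedded_pe(data)
            if hits:
                key, off = hits[0]
                reasons.append(f"embedded XOR-encoded PE (key=0x{key:02x}, offset={off})")
            if reasons:
                findings.append((os.path.relpath(path, root), reasons))
    return findings


def build_sample_image(key: int = 0x5A) -> bytes:
    """Constructed: a benign-looking outer PE with a XOR-encoded inner PE appended."""
    outer = build_minimal_pe() + b"\0" * 200
    inner = xor_bytes(build_minimal_pe(), key)
    return outer + inner + b"\0" * 64


def demo():
    """Build a constructed ESP layout in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as esp:
        boot_dir = os.path.join(esp, "EFI", "Boot")
        os.makedirs(boot_dir)
        with open(os.path.join(boot_dir, "bootx64.efi"), "wb") as fh:
            fh.write(build_minimal_pe() + b"\0" * 300)      # clean: no hidden payload
        with open(os.path.join(boot_dir, "reloader.efi"), "wb") as fh:
            fh.write(build_sample_image(0x5A))               # suspect name + hidden PE
        return scan_esp(esp)


if __name__ == "__main__":
    for rel_path, reasons in demo():
        print(rel_path, "->", "; ".join(reasons))
```

On a real machine you would point scan_esp at the mounted ESP (for example the S: drive after mountvol on Windows, or /boot/efi on Linux) and review every hit by hand; a clean result from this script says nothing about whether the Secure Boot dbx revocation for the affected binaries has actually been applied, which still has to be confirmed through the patch channel the article describes.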
2025-01-17 20:39