Find notable cyber news and cases, enriched with sources, timelines, and signals.

UEFI shim Secure Boot bypass (multiple vulnerabilities)

Vulnerability
First reported
Last updated
Happening score
H score 1
1 unique sources, 1 articles

Summary

Hide ▲

Researchers identified 11 old, Microsoft-signed UEFI shim bootloaders that can bypass Secure Boot on systems trusting the Microsoft Corporation UEFI CA 2011 certificate, creating a path to arbitrary code execution during boot. The affected shims can let an attacker load malicious code before the operating system starts, enabling UEFI bootkits and other persistent malware. Microsoft revoked the impacted shims in June 2026 Patch Tuesday after responsible disclosure earlier in February 2026. The issues are tracked as CVE-2026-8863 and CVE-2026-10797.

Related Happenings

Apple A12/S4/S5/A13 BootROM usbliter8 authentication bypass flaw

Vulnerability
H score27 First: 22.06.2026 17:00 Last: 22.06.2026 17:00 Sources 1

About this happening: Researchers disclosed **usbliter8**, an **unpatchable BootROM flaw** affecting **Apple A12, S4/S5, and A13** SoCs, creating boot-chain compromise risk for devices with **physical...

Timeline

  1. 14.07.2026 15:46 1 articles · 1h ago

    Microsoft Corporation UEFI CA 2011 certificate expires

    Legal Policy Action Update

    The Microsoft Corporation UEFI CA 2011 third-party UEFI certificate authority certificate reached expiration, while systems that still trust bootloaders signed with that certificate remained exposed unless the vulnerable binaries were explicitly revoked by hash. Microsoft later replaced it with Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023.

    Show sources
  2. 14.07.2026 15:46 2 articles · 1h ago

    ESET identifies 11 Microsoft-signed UEFI shim bootloaders that bypass Secure Boot

    Initial Disclosure

    ESET reported that 11 old Microsoft-signed UEFI shim bootloaders can bypass Secure Boot on systems that trust the Microsoft Corporation UEFI CA 2011 certificate, enabling arbitrary code execution during system boot and the deployment of UEFI bootkits such as Bootkitty, HybridPetya, or BlackLotus. The issues are tracked as CVE-2026-8863 and CVE-2026-10797.

    Show sources