Unkillable UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw
We’ve all seen the headlines about massive ransomware attacks and businesses being forced to pay hefty sums to get their data back. What’s often left out of the conversation is how these attacks take hold and why they are so hard to clean up.
One of the hardest infections to recover from is UEFI malware: code that lives in or alongside the firmware, runs before the operating system, survives a reinstall of Windows, and evades security software that only inspects the running OS.
Now, there’s a new UEFI malware strain that’s even more dangerous because it’s using an unpatchable Windows flaw to stay hidden.
This means that even if you have Secure Boot enabled, you could still be at risk.
So what is UEFI malware and how can you protect yourself from it?
UEFI malware is malicious code that is planted in, or launched by, a system’s UEFI (Unified Extensible Firmware Interface).
The UEFI firmware is the code that initialises the hardware and hands control to the operating system’s boot loader; on modern machines it replaces the legacy BIOS (basic input/output system).
UEFI malware is difficult to detect because it executes before the operating system and its security tools exist. Secure Boot only verifies signatures on the boot loaders and drivers the firmware loads from disk; it does not verify the firmware image itself, and it will happily run a signed boot component that has a known vulnerability. Malware that gets into the firmware, or that is launched through such a signed but flawed component, therefore runs even with Secure Boot switched on.
Once the firmware or the boot path is under its control, the malware can rewrite the boot order and boot entries (stored in firmware NVRAM) so that its own loader always runs first, which makes it harder to boot a rescue system that could remove it.
In some cases the malware also overwrites or corrupts the boot code itself, leaving the machine unable to start at all.
The new strain of UEFI malware, called RedBoot, is particularly dangerous because it uses an unpatchable flaw in Windows to stay hidden.
The flaw, tracked as CVE-2020-1019, affects the way that Windows handles boot order changes.
RedBoot exploits this flaw to rewrite the boot order without the change being noticed. This means that even with Secure Boot enabled, the system can still be infected.
To make matters worse, RedBoot can also corrupt the boot path, making it impossible to boot into an alternative operating system from the affected disk.
If the implant lives in the firmware flash chip itself, the only way to remove it is to reflash the firmware with a clean image from the hardware vendor, then wipe the disk and reinstall the operating system from trusted media so the disk-resident components cannot re-infect it. If the implant only lives on the disk (for example on the EFI system partition), wiping the disk is enough.
Reflashing is a risky proposition, however: an interrupted or wrong flash can brick the system.
The best way to protect yourself from UEFI malware is to keep Secure Boot enabled and to make sure the firmware’s revocation list (the DBX database) and the firmware itself are updated, since Secure Boot only helps when known-bad boot components are actually blocked.
You should also make sure that your operating system is up to date with the latest security patches.
A boot manager such as GRUB2 does not protect the boot order: the order lives in firmware NVRAM and any process with administrator rights can rewrite it. What helps is checking the boot entries regularly (bcdedit /enum firmware on Windows, efibootmgr -v on Linux) and comparing them with what you expect, so that an unexpected loader or a tampered first entry stands out.
Finally, you can use a security program that offers UEFI scanning, like Bitdefender Total Security, to detect UEFI malware; keep in mind that detection is only the first step and that removal may still require the reflashing described above.
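The boot-order check above, carried out programmatically, as an added example that is not part of the original article or of any product it mentions. It parses UEFI BootOrder and Boot#### variables in the EFI_LOAD_OPTION format, checks the SecureBoot and SetupMode variables, and flags an active entry whose loader path is not on an allow-list or that reuses another entry’s description while loading a different binary. The variable contents below are constructed sample data (the partition numbers, LBAs and loader paths are placeholders); the optional load_from_efivars helper reads the real variables from Linux efivarfs.

```python
"""Audit UEFI boot entries for tampering (constructed sample data, runs offline)."""
import os
import struct

EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"  # EFI_GLOBAL_VARIABLE GUID
LOAD_OPTION_ACTIVE = 0x00000001
END_NODE = bytes([0x7F, 0xFF, 0x04, 0x00])  # end-of-entire-device-path node


def hd_node(partition=1):
    """Media/Hard-Drive device path node (type 4, sub-type 1). Partition number,
    LBA start/size and the 16-byte signature are constructed placeholders."""
    body = struct.pack("<IQQ", partition, 2048, 1_048_576) + bytes(16) + bytes([0x02, 0x02])
    return bytes([0x04, 0x01]) + struct.pack("<H", 4 + len(body)) + body


def file_node(path):
    """Media/File-Path node (type 4, sub-type 4): NUL-terminated UTF-16LE path."""
    enc = path.encode("utf-16-le") + b"\x00\x00"
    return bytes([0x04, 0x04]) + struct.pack("<H", 4 + len(enc)) + enc


def build_load_option(description, loader_path, attributes=LOAD_OPTION_ACTIVE, optional=b""):
    """Serialise an EFI_LOAD_OPTION the way firmware stores a Boot#### variable."""
    fpl = hd_node() + file_node(loader_path) + END_NODE
    return (struct.pack("<IH", attributes, len(fpl))
            + description.encode("utf-16-le") + b"\x00\x00" + fpl + optional)


def parse_load_option(data):
    """Decode attributes, description, loader path and optional data of a Boot#### value."""
    attributes, fpl_len = struct.unpack_from("<IH", data, 0)
    off = 6
    while data[off:off + 2] != b"\x00\x00":  # CHAR16 terminator sits on a 2-byte boundary
        off += 2
        if off + 2 > len(data):
            raise ValueError("unterminated description")
    description = data[6:off].decode("utf-16-le")
    off += 2
    fpl = data[off:off + fpl_len]
    loader_path, i = None, 0
    while i + 4 <= len(fpl):
        ntype, subtype, length = struct.unpack_from("<BBH", fpl, i)
        if length < 4:
            raise ValueError("malformed device path node")
        if (ntype, subtype) == (0x7F, 0xFF):
            break
        if (ntype, subtype) == (0x04, 0x04):
            loader_path = fpl[i + 4:i + length].decode("utf-16-le").rstrip("\x00")
        i += length
    return {"active": bool(attributes & LOAD_OPTION_ACTIVE), "description": description,
            "loader_path": loader_path, "optional_data": data[off + fpl_len:]}


def audit(variables, allowed_loaders):
    """variables maps variable name -> raw value (without the efivarfs attribute prefix)."""
    findings = []
    if variables.get("SecureBoot", b"\x00")[:1] != b"\x01":
        findings.append("Secure Boot is not enforced")
    if variables.get("SetupMode", b"\x00")[:1] == b"\x01":
        findings.append("firmware is in Setup Mode (Secure Boot keys can be rewritten)")
    raw = variables.get("BootOrder", b"")
    order = list(struct.unpack("<%dH" % (len(raw) // 2), raw[:len(raw) // 2 * 2]))
    entries = {}
    for n in order:  # walk entries in the order the firmware will try them
        name = "Boot%04X" % n
        if name in variables:
            entries[name] = parse_load_option(variables[name])
    for idx, (name, e) in enumerate(entries.items()):
        if e["active"] and e["loader_path"] not in allowed_loaders:
            where = "first in BootOrder" if idx == 0 else "in BootOrder"
            findings.append(f"{name} ({e['description']!r}) {where} loads "
                            f"{e['loader_path']!r}, which is not on the allow-list")
    seen = {}
    for name, e in entries.items():  # same label, different binary: a look-alike entry
        first = seen.setdefault(e["description"], (name, e["loader_path"]))
        if first[1] != e["loader_path"]:
            findings.append(f"{first[0]} and {name} share description "
                            f"{e['description']!r} but load different binaries")
    return {"boot_order": ["Boot%04X" % n for n in order], "entries": entries, "findings": findings}


def load_from_efivars(root="/sys/firmware/efi/efivars"):
    """Read the same variables from Linux efivarfs; each file starts with 4 attribute bytes."""
    out = {}
    for fname in os.listdir(root):
        name, _, guid = fname.partition("-")
        if guid == EFI_GLOBAL_GUID and (name.startswith("Boot") or name in ("SecureBoot", "SetupMode")):
            with open(os.path.join(root, fname), "rb") as f:
                out[name] = f.read()[4:]
    return out


# Constructed sample: Boot0002 mimics the Windows entry's label, points elsewhere, and was put first.
SAMPLE_VARS = {
    "SecureBoot": b"\x01",
    "SetupMode": b"\x00",
    "BootOrder": struct.pack("<HHH", 2, 0, 1),
    "Boot0000": build_load_option("Windows Boot Manager", "\\EFI\\Microsoft\\Boot\\bootmgfw.efi", optional=b"WINDOWS"),
    "Boot0001": build_load_option("ubuntu", "\\EFI\\ubuntu\\shimx64.efi"),
    "Boot0002": build_load_option("Windows Boot Manager", "\\EFI\\Boot\\grubx64.efi"),
}
ALLOWED = {"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", "\\EFI\\ubuntu\\shimx64.efi"}

if __name__ == "__main__":
    report = audit(SAMPLE_VARS, ALLOWED)
    print("Boot order:", report["boot_order"])
    for finding in report["findings"]:
        print("FINDING:", finding)
```

On a real machine, call audit(load_from_efivars(), ALLOWED) as root with your own allow-list. The result is only as trustworthy as the firmware that answers the variable reads: an implant resident in the flash chip controls the runtime services and can report SecureBoot as enabled and hide its own entry, so a clean result from the running OS rules out disk-level tampering, not a firmware-level one.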