{"id":50911,"date":"2023-03-07T14:43:16","date_gmt":"2023-03-07T14:43:16","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/34392\/Stealthy-UEFI-Malware-Bypassing-Secure-Boot-Enabled-By-Unpatchable-Windows-Flaw.html"},"modified":"2023-03-07T14:43:16","modified_gmt":"2023-03-07T14:43:16","slug":"stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\/","title":{"rendered":"Stealthy UEFI Malware Bypassing Secure Boot Enabled By Unpatchable Windows Flaw"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/03\/black-lotus-malware-800x450.jpg\" alt=\"Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw\"><figcaption class=\"caption\">\n<div class=\"caption-credit\">Aurich Lawson | Getty Images<\/div>\n<\/figcaption><\/figure>\n<p>Researchers on Wednesday announced a major cybersecurity find\u2014the world\u2019s first-known instance of real-world malware that can hijack a computer\u2019s boot process even when Secure Boot and other advanced protections are enabled and running on fully 
updated versions of Windows.<\/p>\n<p>Dubbed BlackLotus, the malware is what\u2019s known as a UEFI bootkit. These sophisticated pieces of malware target the UEFI\u2014short for <a href=\"https:\/\/en.wikipedia.org\/wiki\/Unified_Extensible_Firmware_Interface\">Unified Extensible Firmware Interface<\/a>\u2014the low-level and complex chain of firmware responsible for booting up virtually every modern computer. As the mechanism that bridges a PC\u2019s device firmware with its operating system, the UEFI is an OS in its own right. It\u2019s located in an <a href=\"https:\/\/en.wikipedia.org\/wiki\/Serial_Peripheral_Interface\">SPI<\/a>-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch. Previously discovered bootkits such as <a href=\"https:\/\/arstechnica.com\/information-technology\/2022\/07\/researchers-unpack-unkillable-uefi-rootkit-that-survives-os-reinstalls\/\">CosmicStrand<\/a>, <a href=\"https:\/\/arstechnica.com\/information-technology\/2020\/10\/custom-made-uefi-bootkit-found-lurking-in-the-wild\/\">MosaicRegressor<\/a>, and <a href=\"https:\/\/securelist.com\/moonbounce-the-dark-side-of-uefi-firmware\/105468\/\">MoonBounce<\/a> work by targeting the UEFI firmware stored in the flash storage chip. Others, including BlackLotus, target the software stored in the <a href=\"https:\/\/en.wikipedia.org\/wiki\/EFI_system_partition\">EFI system partition<\/a>.<\/p>\n<p>Because the UEFI is the first thing to run when a computer is turned on, it influences the OS, security apps, and all other software that follows. These traits make the UEFI the perfect place to launch malware. 
When successful, UEFI bootkits disable OS security mechanisms and ensure that a computer remains infected with stealthy malware that runs at the kernel mode or user mode, even after the operating system is reinstalled or a hard drive is replaced.<\/p>\n<p>As appealing as it is to threat actors to install nearly invisible malware that has kernel-level access, there are a few formidable hurdles standing in their way. One is the requirement that they first hack the device and gain administrator system rights, either by exploiting one or more vulnerabilities in the OS or apps or by tricking a user into installing trojanized software. Only after this high bar is cleared can the threat actor attempt an installation of the bootkit.<\/p>\n<p>The second thing standing in the way of UEFI attacks is <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/design\/device-experiences\/oem-secure-boot\">UEFI Secure Boot<\/a>, an industry-wide standard that uses cryptographic signatures to ensure that each piece of software used during startup is trusted by a computer&#8217;s manufacturer. Secure Boot is designed to create a chain of trust that will prevent attackers from replacing the intended bootup firmware with malicious firmware. If a single firmware link in that chain isn\u2019t recognized, Secure Boot will prevent the device from starting.<\/p>\n<p>While researchers have found Secure Boot vulnerabilities in the past, there has been no indication that threat actors have ever been able to bypass the protection in the 12 years it has been in existence. 
Until now.<\/p>\n<p>On Wednesday, researchers at security firm ESET presented a <a href=\"https:\/\/www.welivesecurity.com\/2023\/03\/01\/blacklotus-uefi-bootkit-myth-confirmed\/\">deep-dive analysis<\/a> of the world\u2019s first in-the-wild UEFI bootkit that bypasses Secure Boot on fully updated UEFI systems running fully updated versions of Windows 10 and 11. While there are no strings or other indicators directly showing the name of the creators or the bootkit, ESET researchers have concluded that it almost certainly corresponds to a bootkit, known as BlackLotus, that has been <a href=\"https:\/\/www.linkedin.com\/feed\/update\/urn:li:share:6986711231885713408\/\">advertised<\/a> in underground cybercrime forums since last year. The price: $5,000, and $200 thereafter for updates.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/03\/Figure-1.-The-timeline-of-individual-events-related-to-BlackLotus-UEFI-bootkit.png\" class=\"enlarge\" data-height=\"1023\" data-width=\"2000\" alt=\"A brief history of BlackLotus.\"><img loading=\"lazy\" decoding=\"async\" alt=\"A brief history of BlackLotus.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/03\/Figure-1.-The-timeline-of-individual-events-related-to-BlackLotus-UEFI-bootkit-640x327.png\" width=\"640\" height=\"327\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/03\/Figure-1.-The-timeline-of-individual-events-related-to-BlackLotus-UEFI-bootkit-1280x655.png 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\">A brief history of BlackLotus.<\/div>\n<\/figcaption><\/figure>\n<p>To defeat Secure Boot, the bootkit exploits <a 
href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-21894\">CVE-2022-21894<\/a>, a vulnerability in all supported versions of Windows that <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-21894\">Microsoft patched<\/a> in January 2022. The logic flaw, referred to as <a href=\"https:\/\/github.com\/Wack0\/CVE-2022-21894\">Baton Drop<\/a> by the researcher who discovered it, can be exploited to remove Secure Boot functions from the boot sequence during startup. Attackers can also abuse the flaw to obtain keys for BitLocker, a Windows feature for encrypting hard drives.<\/p>\n<p>CVE-2022-21894 has proven to be especially valuable to the BlackLotus creators. Despite Microsoft releasing new patched software, the vulnerable signed binaries have yet to be added to the <a href=\"https:\/\/uefi.org\/revocationlistfile\">UEFI revocation list<\/a> that flags boot files that should no longer be trusted. Microsoft has not explained the reason, but it likely has to do with hundreds of vulnerable bootloaders that remain in use today. If those signed binaries are revoked, millions of devices will no longer work. 
As a result, fully updated devices remain vulnerable because attackers can simply replace patched software with the older, vulnerable software.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/34392\/Stealthy-UEFI-Malware-Bypassing-Secure-Boot-Enabled-By-Unpatchable-Windows-Flaw.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":50912,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[4947],"class_list":["post-50911","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinemalwaremicrosoftflaw"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Stealthy UEFI Malware Bypassing Secure Boot Enabled By Unpatchable Windows Flaw 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Stealthy UEFI Malware Bypassing Secure Boot Enabled By Unpatchable Windows Flaw 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-03-07T14:43:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/03\/black-lotus-malware-800x450.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Stealthy UEFI Malware Bypassing Secure Boot Enabled By Unpatchable Windows 
Flaw\",\"datePublished\":\"2023-03-07T14:43:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\\\/\"},\"wordCount\":715,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw.jpg\",\"keywords\":[\"headline,malware,microsoft,flaw\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\\\/\",\"name\":\"Stealthy UEFI Malware Bypassing Secure Boot Enabled By Unpatchable Windows Flaw 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw.jpg\",\"datePublished\":\"2023-03-07T14:43:16+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw.jpg\",\"width\":800,\"height\":450},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,malware,microsoft,flaw\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinemalwaremicrosoftflaw\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Stealthy UEFI Malware Bypassing Secure Boot Enabled By Unpatchable Windows Flaw\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat 
Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH 
Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Stealthy UEFI Malware Bypassing Secure Boot Enabled By Unpatchable Windows Flaw 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\/","og_locale":"en_US","og_type":"article","og_title":"Stealthy UEFI Malware Bypassing Secure Boot Enabled By Unpatchable Windows Flaw 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-03-07T14:43:16+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/03\/black-lotus-malware-800x450.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Stealthy UEFI Malware Bypassing Secure Boot Enabled By Unpatchable Windows Flaw","datePublished":"2023-03-07T14:43:16+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\/"},"wordCount":715,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/03\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw.jpg","keywords":["headline,malware,microsoft,flaw"],"articleSection":["Packet 
Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\/","url":"https:\/\/www.threatshub.org\/blog\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\/","name":"Stealthy UEFI Malware Bypassing Secure Boot Enabled By Unpatchable Windows Flaw 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/03\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw.jpg","datePublished":"2023-03-07T14:43:16+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/03\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/03\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw.jpg","width":800,"height":450},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/stealthy-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,malware,microsoft,flaw","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinemalwaremicrosoftflaw\/"},{"@type":"ListItem","position":3,"name":"Stealthy UEFI Malware Bypassing Secure Boot Enabled By Unpatchable Windows Flaw"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 
Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50911","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=50911"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50911\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/50912"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=50911"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=50911"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=50911"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}