Microsoft Confirms Decade-Old Flaw Let Hackers Bypass Windows Secure Boot
Forgotten digital "shims" the company never revoked left PCs open to simple bypasses, researchers say

Microsoft has acknowledged that a security bypass allowing attackers to circumvent Secure Boot, the feature meant to stop malicious software from loading before Windows starts, has existed undetected for roughly a decade, according to Ars Technica.
The vulnerability traces to old "shims," small pieces of software that bridge trusted and untrusted code during startup, which Microsoft failed to revoke even though they had become exploitable. Because those shims remained trusted by Windows systems, attackers could use them to slip malicious code past Secure Boot's defenses, effectively defeating a protection built into most modern PCs, Ars Technica reported.
Secure Boot is designed to verify that only software trusted by a computer's manufacturer runs at startup, a safeguard against rootkits and other low-level malware that can be difficult to detect or remove once installed. Ars Technica reported that the bypasses made possible by the unrevoked shims were simple to carry out once discovered, raising questions about how the flaw went unnoticed for so long.
— Compiled from reporting by Ars Technica.

