AAPL $314.86 -0.95% ▼ ADBE $220.78 -4.01% ▼ AMD $548.13 +2.92% ▲ AMZN $247.49 +0.32% ▲ ASML $1,775.64 +2.94% ▲ AVGO $389.11 +1.48% ▲ CRM $167.56 -1.64% ▼ CRWD $210.73 +12.94% ▲ CSCO $117.09 -1.81% ▼ FTNT $166.83 +3.62% ▲ GOOGL $359.51 +1.82% ▲ IBM $217.07 -24.76% ▼ INTC $107.76 +5.21% ▲ INTU $282.43 -2.93% ▼ MA $538.02 +0.31% ▲ META $661.04 +0.78% ▲ MRVL $222.44 +3.93% ▲ MSFT $384.93 -1.23% ▼ MU $983.12 +6.77% ▲ NOW $104.85 -5.04% ▼ NVDA $211.80 +4.21% ▲ ORCL $127.94 -2.55% ▼ PANW $352.89 +7.32% ▲ PLTR $133.72 +3.76% ▲ QCOM $178.10 -2.85% ▼ SNPS $425.90 -1.75% ▼ SONY $20.80 +0.00% ▲ TXN $305.55 +2.37% ▲ V $356.02 -0.46% ▼ AAPL $314.86 -0.95% ▼ ADBE $220.78 -4.01% ▼ AMD $548.13 +2.92% ▲ AMZN $247.49 +0.32% ▲ ASML $1,775.64 +2.94% ▲ AVGO $389.11 +1.48% ▲ CRM $167.56 -1.64% ▼ CRWD $210.73 +12.94% ▲ CSCO $117.09 -1.81% ▼ FTNT $166.83 +3.62% ▲ GOOGL $359.51 +1.82% ▲ IBM $217.07 -24.76% ▼ INTC $107.76 +5.21% ▲ INTU $282.43 -2.93% ▼ MA $538.02 +0.31% ▲ META $661.04 +0.78% ▲ MRVL $222.44 +3.93% ▲ MSFT $384.93 -1.23% ▼ MU $983.12 +6.77% ▲ NOW $104.85 -5.04% ▼ NVDA $211.80 +4.21% ▲ ORCL $127.94 -2.55% ▼ PANW $352.89 +7.32% ▲ PLTR $133.72 +3.76% ▲ QCOM $178.10 -2.85% ▼ SNPS $425.90 -1.75% ▼ SONY $20.80 +0.00% ▲ TXN $305.55 +2.37% ▲ V $356.02 -0.46% ▼

Microsoft Secure Boot Vulnerability Exposes Decade-Long Firmware Risk

July 15, 2026 · by TPW Pipeline

Microsoft Secure Boot Vulnerability Exposes Decade-Long Firmware Risk

A fundamental security protocol designed to protect devices from low-level firmware attacks has been circumventable for the vast majority of its lifespan, according to findings from security researchers at ESET. The investigation reveals that Microsoft Corporation left vulnerable software components signed and valid for 13 years, creating a persistent pathway for attackers to bypass critical defenses.

The vulnerability centers on “shims,” small software components created to extend the Secure Boot standard to Linux systems and utility tools. Microsoft, responsible for signing these shims to verify their authenticity, reportedly failed to revoke 11 specific firmware images after they were identified as defective. The earliest known vulnerable image dates back to 2013. Because these shims remained signed, they can be exploited by relatively unsophisticated actors to bypass the Unified Extensible Firmware Interface (UEFI) protections embedded in device motherboards.

This security oversight poses a risk to both Windows and Linux environments. By leveraging the compromised shims, an attacker can subvert the chain of trust required during the boot process. This allows for the installation of malicious firmware that executes immediately upon startup. Such infections are particularly difficult to eradicate because they can survive standard remediation efforts, including operating system reinstallation and hard drive replacement.

The discovery highlights a significant gap in the maintenance of the Secure Boot infrastructure, a standard that has become a cornerstone of modern device security. As the company responsible for the signing authority, the failure to invalidate these keys effectively rendered the protection mechanism unreliable for over a decade. Shares of Microsoft were trading lower during the session, with the stock down 1.23%.

What to watch

  • Official statements from Microsoft regarding patch guidance or revocation plans for the affected shims.
  • Updates from major motherboard and firmware vendors on mitigation strategies.
  • Upcoming earnings calls for commentary on enterprise security investments and incident response.

Source: original release