ESET researchers discovered 11 vulnerable UEFI shim bootloaders signed by Microsoft that allow attackers to bypass UEFI Secure Boot by exploiting decade-old vulnerabilities.
11 old and forgotten UEFI shim bootloaders at versions 0.9 and below that can be used to bypass UEFI Secure Boot on any UEFI-based machine that trusts Microsoft’s Microsoft Corporation UEFI CA 2011 third-party UEFI certificate authority (CA) certificate, regardless of the installed operating system (OS).
I get why you’d dislike that wording, but this is also how all certificate stores work, regardless of whether we’re talking Secure Boot, Windows or Linux. Gotta trust the top level as providing legitimate certificates to then trust everything underlying as coming from the correct parties.
Certificate are something I work with constantly at work and I fucking hate resolving issues with them lol.
MS has mastered the one thing businesses love which is being perfectly mediocre. If you present a business two pieces of software one that does one thing really well but nothing else, and one that does three things terribly, they’ll pick the one that does three things terribly every time. That’s the MS design, it smears a thin coating of suck across as broad a surface as possible and then advertises that it does everything.
This “Trust” is one of my pet peeves. It’s $$$.
I get why you’d dislike that wording, but this is also how all certificate stores work, regardless of whether we’re talking Secure Boot, Windows or Linux. Gotta trust the top level as providing legitimate certificates to then trust everything underlying as coming from the correct parties.
Certificate are something I work with constantly at work and I fucking hate resolving issues with them lol.
It’s not just the wording.
Precisely.
Check out cacert.org and why it never gained “Trust”. Hint: $$$
Add this to the pile of reasons why M$ is a joke and people should stop using them. Nothing they make is so good that you need to stick around.
MS has mastered the one thing businesses love which is being perfectly mediocre. If you present a business two pieces of software one that does one thing really well but nothing else, and one that does three things terribly, they’ll pick the one that does three things terribly every time. That’s the MS design, it smears a thin coating of suck across as broad a surface as possible and then advertises that it does everything.