Nearly a dozen vulnerable and now revoked UEFI shim bootloaders remained trusted for years, giving attackers a path to bypass Secure Boot.

July 15, 2026

Researchers recently discovered 11 vulnerable but still trusted UEFI shim bootloaders that attackers could have used to bypass Secure Boot on systems that trust Microsoft's third-party UEFI signing certificate.

The Unified Extensible Firmware Interface (UEFI) consists of motherboard software that connects that operating system and hardware.

Microsoft revoked the vulnerable bootloaders in June through Secure Boot revocation updates after ESET reported the findings, but unpatched systems may continue to trust the components and remain exposed to boot-level attacks.