Microsoft-Signed Firmware Module Bypasses Secure Boot

A Microsoft-signed firmware module, discovered in November 2024, contained a vulnerability (CVE-2025-3052) allowing attackers to disable Secure Boot silently. The flaw, stemming from a UEFI memory corruption issue, was patched by Microsoft in June 2025, revoking the certificate for the affected modules.

Edward Kiledjian @ekiledjian