Windows 11 flaw lets hackers bypass Secure Boot protections

Zero-day flaw exposes millions of Windows 11 users to elevated risk of attack

by Kurt Knutsson

Microsoft hasn’t received much love for Windows 11, with many users still reluctant to ditch Windows 10 even four years after the newer OS launched. The main reasons include Microsoft’s constant push to use its own services, strict hardware requirements, and questionable interface changes.

But if you’re looking for yet another reason to dislike Windows 11, security researchers recently uncovered a critical vulnerability affecting Secure Boot. This feature is supposed to prevent malware from loading during startup. Now, hackers can bypass that protection and silently infect systems. The flaw allows attackers to disable Secure Boot on nearly any modern Windows PC or server, leaving even fully updated devices open to stealthy, undetectable malware.

What is the Secure Boot vulnerability in Windows 11?

The vulnerability, tracked as CVE-2025-3052, was discovered by firmware security firm Binarly. They found that a legitimate BIOS update tool signed by Microsoft could be abused to tamper with the Windows boot process. Once exploited, the flaw allows attackers to shut off Secure Boot entirely. In the wrong hands, this vulnerability could lead to a new generation of malware. These threats could bypass even the most advanced antivirus or detection software.

Hackers can abuse Microsoft-signed tools to shut down Secure Boot

At the center of the issue is a BIOS-flashing utility built for rugged tablets. Microsoft signed it with its UEFI CA 2011 certificate. Because that certificate is trusted on nearly every Secure Boot-enabled system, the tool can run without raising alarms.

The danger lies in how the tool handles a specific NVRAM variable. Binarly’s researchers found that it reads this variable blindly, without validating its contents. That small oversight opens the door to a serious exploit. In a demonstration, Binarly used a proof-of-concept attack to change this variable’s value. By setting it to zero, they were able to overwrite a global setting critical to enforcing Secure Boot, which completely disabled Secure Boot protections.

Once that happens, unsigned UEFI modules can run freely. Attackers can then install stealthy, low-level malware known as bootkits, malware that operates below the Windows operating system itself. For hackers, this method offers the ultimate persistence.

Microsoft released a fix, but you must act to stay protected

Binarly reported the flaw to CERT/CC in February 2025. At first, it appeared to affect only a single module. But Microsoft’s deeper investigation uncovered a bigger problem. The same vulnerability affected 14 modules signed with the same trusted certificate. Microsoft responded in June 2025 by revoking all 14 affected modules: their cryptographic hashes were added to the Secure Boot revocation list, known as the dbx, which blocks those modules from running during startup. However, this protection is not automatic. Unless users or organizations apply the updated dbx to their machines, their systems remain vulnerable, even with other patches installed.
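
Whether the updated dbx has actually landed on a given machine can be checked directly, because the dbx is an ordinary UEFI variable that Windows exposes through PowerShell. The script below is an added example, not code from the article, from Binarly or from Microsoft. It confirms Secure Boot is enforced, walks the dbx's EFI_SIGNATURE_LIST chain (layout taken from the UEFI specification) to count the SHA-256 hash entries, and tests whether a given list of hashes is present. It assumes an elevated PowerShell session on a UEFI system; the `$revokedModuleHashes` list is a placeholder, because the article does not publish the 14 revoked hashes.

```powershell
# Added example (not from the article, Binarly or Microsoft): inspect the Secure Boot
# dbx on a Windows host to confirm the revocation update is in place.
# Requires an elevated PowerShell session on a UEFI system; Confirm-SecureBootUEFI
# and Get-SecureBootUEFI throw on legacy-BIOS machines.

# Signature-type GUIDs defined by the UEFI specification
$Sha256Guid = [guid]'c1c41626-504c-4092-aca9-41f936934328'   # EFI_CERT_SHA256_GUID
$X509Guid   = [guid]'a5c059a1-94e4-4aa7-87b5-ab155c2bf072'   # EFI_CERT_X509_GUID

function Get-DbxEntries {
    # Walks the chain of EFI_SIGNATURE_LIST structures in a dbx blob and returns
    # one object per EFI_SIGNATURE_DATA entry (a hash or a certificate).
    param([Parameter(Mandatory)][byte[]]$Bytes)

    $offset = 0
    # EFI_SIGNATURE_LIST header: SignatureType GUID (16) + three UINT32 fields (12) = 28 bytes
    while ($offset + 28 -le $Bytes.Length) {
        $sigType    = [guid]::new([byte[]]$Bytes[$offset..($offset + 15)])
        $listSize   = [BitConverter]::ToUInt32($Bytes, $offset + 16)
        $headerSize = [BitConverter]::ToUInt32($Bytes, $offset + 20)
        $sigSize    = [BitConverter]::ToUInt32($Bytes, $offset + 24)

        # Stop on a truncated or self-inconsistent list instead of misparsing it
        if ($listSize -lt 28 -or $sigSize -le 16 -or ($offset + $listSize) -gt $Bytes.Length) {
            Write-Warning "Malformed EFI_SIGNATURE_LIST at offset $offset; stopping"
            break
        }

        $kind = if ($sigType -eq $Sha256Guid) { 'sha256' } elseif ($sigType -eq $X509Guid) { 'x509' } else { $sigType.ToString() }

        $listEnd   = $offset + $listSize
        $sigOffset = $offset + 28 + $headerSize
        while ($sigOffset + $sigSize -le $listEnd) {
            # EFI_SIGNATURE_DATA = 16-byte SignatureOwner GUID followed by the payload
            $owner = [guid]::new([byte[]]$Bytes[$sigOffset..($sigOffset + 15)])
            $data  = $Bytes[($sigOffset + 16)..($sigOffset + $sigSize - 1)]
            [pscustomobject]@{
                Type  = $kind
                Owner = $owner
                Value = -join ($data | ForEach-Object { $_.ToString('x2') })
            }
            $sigOffset += $sigSize
        }
        $offset = $listEnd
    }
}

function Test-DbxRevocation {
    # Reports, for each expected SHA-256 hash, whether it is present in the dbx blob.
    param(
        [Parameter(Mandatory)][string[]]$ExpectedHashes,
        [Parameter(Mandatory)][byte[]]$DbxBytes
    )
    $present = @{}
    foreach ($entry in Get-DbxEntries -Bytes $DbxBytes) {
        if ($entry.Type -eq 'sha256') { $present[$entry.Value] = $true }
    }
    foreach ($hash in $ExpectedHashes) {
        [pscustomobject]@{ Hash = $hash; InDbx = $present.ContainsKey($hash.ToLowerInvariant()) }
    }
}

# --- usage ---
if (-not (Confirm-SecureBootUEFI)) {
    Write-Warning 'Secure Boot is disabled; the dbx is not enforced on this machine'
}
$dbx     = (Get-SecureBootUEFI -Name dbx).Bytes
$entries = @(Get-DbxEntries -Bytes $dbx)
$hashes  = @($entries | Where-Object Type -eq 'sha256')
"dbx: $($entries.Count) entries, $($hashes.Count) SHA-256 hashes, $($dbx.Length) bytes"

# PLACEHOLDER: substitute the hashes Microsoft published for the 14 revoked modules;
# the article does not list them.
$revokedModuleHashes = @(
    '0000000000000000000000000000000000000000000000000000000000000000'
)
Test-DbxRevocation -ExpectedHashes $revokedModuleHashes -DbxBytes $dbx | Format-Table -AutoSize
```

A practical way to use this across a fleet is to record the entry count and byte length before the update is deployed and again afterwards: a dbx that has not grown is a machine on which the revocation has not been applied, whatever Windows Update reports. The parser stops at the first malformed list rather than guessing, since a dbx that does not parse cleanly is itself worth investigating.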

How long has this Windows tool been circulating?

Binarly revealed that the vulnerable tool had been online since late 2022. Someone uploaded it to VirusTotal in 2024, but it went unnoticed for months. At this point, it’s unclear whether any attackers have used it in the wild. We reached out to Microsoft for comment but did not receive a response before our deadline.

6 essential tips to protect your Windows 11 PC from hackers

Protecting your PC doesn’t have to be complicated. Just follow these simple steps to keep hackers at bay and your information safe.

1) Keep your computer updated

Software updates aren’t just about new features. They fix serious security issues. In this case, Microsoft has already released a fix for the Secure Boot vulnerability, but it only works if your system is fully updated. Just head to your settings, open Windows Update, and make sure everything is installed. A lot of people delay updates for weeks, but these patches are the first line of defense against threats like this.

2) Don’t install tools you don’t fully understand

It might be tempting to download apps that claim to speed up your computer or fix problems, especially ones recommended in YouTube videos or tech forums. But that’s exactly how a lot of threats sneak in. This particular vulnerability came from a legitimate-looking tool that was misused. So if you’re not sure what something does or if it asks for permission to change how your system boots up, skip it. Or ask someone who knows more before clicking anything.

3) Use strong antivirus software and leave it running

Even though this new threat targets something deep inside the system, having strong antivirus protection still helps catch related malware. If you’re on Windows, Defender is already built in and does a decent job. But if you don’t want to rely on Windows’ built-in tools, use a third-party antivirus.

My top pick is TotalAV.

TotalAV is easy to set up and offers real-time protection for paid users, keeping your devices safe around the clock. It includes tools to block phishing scams, remove ransomware and spyware, and clean up adware and junk files. The software also features a browser manager, system tune-up tools, and protects across Windows, Mac, Android, and iOS devices.

4) Restart your computer every now and then

This one sounds basic, but it matters. A lot of updates don’t fully apply until after a restart. If you keep putting your computer to sleep or hibernating it for days at a time, your system might still be stuck in an unsafe state. Try to restart it at least every couple of days, or whenever an update asks for it.

5) Don’t ignore warnings from Windows or your antivirus

If something pops up telling you a file looks dangerous or that an update is needed, pay attention. It’s easy to get into the habit of closing these messages without reading them, but that’s how problems get missed. If a warning looks confusing or too technical, take a screenshot or a photo and ask someone for help. The important thing is not to ignore it and move on.

6) Remove your personal data from people-search sites

Even if hackers don’t directly target you through the Secure Boot flaw, many cyberattacks begin by gathering personal information that’s easily found online. This can include your full name, address, phone number, and even the names of your relatives. Data broker websites collect and publish this information without your consent, putting you at greater risk. Using a personal data removal service helps you reduce your online exposure and make it harder for bad actors to target you.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Incogni, a service I trust 100% and use myself, helps automate the process by submitting removal requests to hundreds of data brokers and people-search sites on your behalf.

Incogni automatically contacts data brokers on your behalf and requests the removal of your personal information. It also continues monitoring those sites and submits new removal requests if your data reappears.

  • Incogni currently removes personal data from 420+ data broker and people-search websites, and its Unlimited plan allows you to request removals from as many additional sites as you need.
  • Incogni has also received third-party assurance from Deloitte, validating its marketing claims.
  • The goal is simple: make it much harder for strangers, scammers, and cybercriminals to find your personal information online.

Kurt’s key takeaway

Secure Boot is supposed to be a final safeguard, a last barrier that ensures only verified code can load when a device starts. But this vulnerability shows how easily that trust can be broken. If a single signed utility can disable the entire system’s protection, then the foundation of device security starts to look worryingly thin.

Do you think Microsoft is doing enough to keep your PC secure? Let us know in the comments below.

Copyright 2025 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.