Microsoft Fails to Revoke Obsolete UEFI Shims for 13 Years Exposing Millions of PCs to Rootkits
> cd .. / HUB_EDITORIALE
News

Microsoft Fails to Revoke Obsolete UEFI Shims for 13 Years Exposing Millions of PCs to Rootkits

[2026-07-15] Author: Ing. Calogero Bono
> share
Zenithby Meteora Web The operating system for your business. Social, clients, bookings and invoices in one platform. Gyms, barbers, professionals. Discover Zenith Free demo · no card

A widespread firmware security flaw has exposed Windows and Linux devices to persistent attacks for over a decade. Researchers at ESET discovered that Microsoft left eleven firmware shims active, some dating back to 2013, without revoking the digital certificates that allow them to execute during the UEFI secure boot process. This oversight made it trivial to bypass Secure Boot, the defense mechanism embedded in motherboards to prevent firmware-level malware installation.

Forgotten shims from 2013 remain signed by Microsoft

Shims are small programs signed by Microsoft, designed to extend Secure Boot to Linux systems and utilities. When a vulnerability is found in a shim, the company should revoke its certificate to prevent misuse. However, ESET identified eleven firmware images, the oldest from 2013, still signed and usable. An attacker can install an obsolete shim to load unsigned code during the boot sequence, completely circumventing UEFI protections. The technique is simple enough to be executed by novice hackers, as highlighted in the ESET report.

Sponsored Protocol

Threat extends to both Windows and Linux users

The threat affects all devices running Windows or Linux with Secure Boot enabled. Once the vulnerable shim is installed, attackers can load malicious firmware that persists even after reinstalling the operating system or replacing the hard drive. This type of firmware rootkit is especially dangerous because it remains invisible to standard antivirus software. The discovery highlights a gap in Microsoft's digital signature management process, which failed to revoke expired or compromised certificates for years. For more on security risks affecting younger users, see the Common Sense Media Report Rates Google Search AI as Unacceptable Risk for Children.

Sponsored Protocol

Impact on trust in Secure Boot

Secure Boot was introduced by Microsoft in 2012 to protect PCs from firmware infections like rootkits. However, this flaw undermines its effectiveness for most of its existence. Millions of devices are potentially vulnerable, absent an update that revokes the defective shims. Microsoft has acknowledged the issue and is working on a solution, but no automatic patch is available for all systems yet. For technical details on how UEFI works, refer to the Wikipedia article on UEFI.

Sponsored Protocol

Experts recommend monitoring firmware updates from motherboard manufacturers and promptly installing UEFI revisions that revoke the shims. Until an official fix is released, the main mitigation remains adopting additional security measures such as cryptographically signed firmware and verified boot. This incident proves how a single failure to revoke can compromise an entire platform's security for years.

Source: https://arstechnica.com/security/2026/07/microsoft-secure-boot-has-been-broken-for-most-of-its-existence

> share
Ing. Calogero Bono

> AUTHOR_EXTRACTED

Ing. Calogero Bono

Ingegnere informatico, fondatore di Meteora Web e Zenith OS. System administrator e progettista di piattaforme, app e CMS proprietari, con esperienza in sviluppo full-stack, marketing digitale ed ecosistema Google.
[ Read Full Dossier ]

> METEORA_WEB // DIGITAL AGENCY

We build the digital presence your business deserves.

Websites, social media, online advertising, e-commerce and high-performance hosting, engineered with method by computer engineers in Sciacca, for all of Italy.

> MW_JOURNAL

> READ_ALL()