A worrying Windows SecureBoot issue could let hackers install malware - here's what we know, and whether you need to update
techradar.com
- Binarly spotted a legitimate utility, trusted on most modern systems utilizing UEFI firmware, carrying a flaw
- The flaw allowed threat actors to deploy bootkit malware
- Microsoft patched it in the June 2025 Patch Tuesday cumulative update
Microsoft has fixed a Secure Boot vulnerability that allowed threat actors to turn off security solutions and install bootkit malware on most PCs.
Security researchers Binarly recently discovered a legitimate BIOS update utility, signed with Microsoft’s UEFI CA 2011 certificate. This root certificate, used in the Unified Extensible Firmware Interface (UEFI) Secure Boot process, plays a central role in verifying the authenticity and integrity of bootloaders, operating systems, and other low-level software before a system boots.
According to the researchers, the utility is trusted on most modern systems utilizing UEFI firmware - but the problem stems from the fact it reads a user-writable NVRAM variable without proper validation, meaning an attacker with admin access to ...