VU#529659: Howyar Reloader UEFI Bootloader Vulnerable to Unsigned Software Execution
The Howyar UEFI Reloader application, used for early boot management, contains a vulnerability that allows the execution of unsigned code during the boot process. This bypasses UEFI Secure Boot, which is designed to prevent the execution of unauthorized code.The vulnerability stems from the Reloader's failure to use the standard BootServices LoadImage() API for safe application execution, allowing any unsigned software to be executed with high privileges in the UEFI context.An attacker with the ability to update the UEFI bootloader can exploit this vulnerability to bypass Secure Boot and run malicious code.To mitigate the vulnerability, update the Reloader application and the UEFI Secure Boot Forbidden Signature Database (DBX).The impact of the vulnerability includes the ability to bypass Secure Boot, execute arbitrary code before the OS loads, and persist malicious code on the system.Enterprises and cloud providers should prioritize applying the updates and testing the DBX file changes to ensure system stability.Howyar Technologies and Microsoft have released updates to address the vulnerability.Researchers at ESET discovered the vulnerability and worked with Howyar Technologies to resolve it.Changes to the DBX file can lead to system instability, so vendors should thoroughly test updates before implementing them.