Microsoft has intensified its Windows 11 campaign with aggressive tactics, including full-screen, multi-page pop-up ads, to push Windows 10 users to upgrade before the operating system reaches end of support on October 14, 2025. Nevertheless, Windows 10 still dominates the market with a 62.73% share, according to StatCounter's December 2024 report.
User reluctance to upgrade to Windows 11 can partly be attributed to Microsoft's stringent system requirements, which keep the operating system off unsupported hardware that lacks key security features such as Secure Boot and TPM.
While these security features are designed to keep the operating system secure, a vulnerability (CVE-2024-7344) was available to threat actors for over seven months, leaving Windows 11 exposed to malicious attacks. Microsoft finally patched the flaw earlier this week.
For context, the vulnerability allowed attackers to gain unauthorized access to a device and run malicious code during the boot process. As you may know, Secure Boot is one of the stringent system requirements for running Windows 11. The security feature prevents unsigned or malicious firmware and boot components from running while a device starts up.
Attackers often target the boot process because it lets them hide their tooling in plain sight before Windows loads, making it difficult to detect. It also makes the malware less susceptible to the defense mechanisms that ship with the operating system, since those have not yet started.
UEFI security: Win some, lose some
As reported by Ars Technica, Martin Smolár, a security researcher at ESET, made a surprising discovery last year: a digitally signed application had slipped through Microsoft's strict manual review process for third-party UEFI applications. Smolár found this when SysReturn, real-time system recovery software from Howyar Technologies, passed the review despite the flaw. He further disclosed that the problematic code was buried beneath an XOR-encoded UEFI application called reloader.efi.
Secure Boot's integrity checks are enforced through UEFI's LoadImage and StartImage functions, which the manual review process expects signed applications to use. Instead, reloader.efi used a custom PE (Portable Executable) loader, sidestepping those functions and the critical signature checks they perform, and thereby defeating the intent of Microsoft's review. Perhaps more concerning, reloader.efi was not unique to Howyar Technologies' system recovery software. The same component appeared in other applications from six different vendors, including:
- Howyar SysReturn before version 10.2.023_20240919
- Greenware GreenGuard before version 10.2.023-20240927
- Radix SmartRecovery before version 11.2.023-20240927
- Sanfong EZ-back System before version 10.3.024-20241127
- WASAY eRecoveryRX before version 8.4.022-20241127
- CES NeoImpact before version 10.1.024-20241127
- SignalComputer HDD King before version 10.3.021-20241127
While Microsoft has since patched the vulnerability, it exposed more than just the devices that had the affected software installed. Because the vulnerable component carried a valid digital signature trusted by the operating system, an attacker who already held privileged administrator access on a susceptible Windows PC could drop it onto the machine and have their malware loaded during the boot process.
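Microsoft's fix for this class of problem works by adding the offending binary's hash or certificate to the UEFI forbidden-signatures database (dbx), so a defender's first question is whether Secure Boot is actually enforcing on a given machine and whether its dbx contains the revocation. The PowerShell below is an added example written for this article, not code from Microsoft, ESET or Ars Technica; it uses only the built-in `Confirm-SecureBootUEFI` and `Get-SecureBootUEFI` cmdlets, must be run from an elevated prompt on a UEFI system, and the hash it searches for is a placeholder (the real revocation entry is not given on this page and must be taken from Microsoft's advisory for CVE-2024-7344).

```powershell
# Added defender-side check for this article; not the vendor's or Microsoft's own code.
# Assumptions: elevated PowerShell on a UEFI Windows host.
# PLACEHOLDER: replace with the SHA-256 hash published in Microsoft's CVE-2024-7344 guidance.
$RevokedHashHex = "0000000000000000000000000000000000000000000000000000000000000000"

function Test-SecureBootMitigation {
    param([Parameter(Mandatory)][string]$RevokedHashHex)

    # 1. Secure Boot must be enforcing; otherwise dbx contents are irrelevant.
    #    Confirm-SecureBootUEFI throws on legacy-BIOS machines, so treat that as "not enabled".
    $enabled = $false
    try { $enabled = [bool](Confirm-SecureBootUEFI) } catch { $enabled = $false }

    # 2. Read the forbidden-signatures database (dbx) and look for the revocation hash.
    #    The variable is returned as raw bytes; rendering it as hex lets us substring-search.
    $dbxContains = $false
    if ($enabled) {
        $dbx = Get-SecureBootUEFI -Name dbx
        $hex = ($dbx.Bytes | ForEach-Object { $_.ToString("x2") }) -join ""
        $dbxContains = $hex.Contains($RevokedHashHex.ToLower())
    }

    [pscustomobject]@{
        SecureBootEnabled = $enabled
        DbxHasRevocation  = $dbxContains
        Mitigated         = ($enabled -and $dbxContains)
    }
}

Test-SecureBootMitigation -RevokedHashHex $RevokedHashHex | Format-List
```

A result of `SecureBootEnabled = False` means the machine never had this protection in the first place and the Windows 11 requirement was not met; `SecureBootEnabled = True` with `DbxHasRevocation = False` means the firmware is enforcing but has not yet received the dbx update that revokes the vulnerable loader, so the Windows Update that carries it should be confirmed as installed and the machine rebooted before the check is rerun.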