A valid signature stopped meaning safe code
Secure Boot did exactly what it was built to do, and that was the problem. On 14 July the security firm ESET published research, led by Martin Smolar, showing eleven Microsoft-signed bootloaders, all at version 0.9 or below, that a machine will happily run because the signature is genuine. The code behind that signature is a decade old and broken, but Secure Boot checks the signer, not the safety of what was signed.
The result is an attacker who can execute unverified code at boot time on nearly any UEFI computer. ESET reported the finding to the coordination centre CERT/CC in February, and Microsoft added all eleven files to its revocation list on 9 June. The gap between a trusted signature and trustworthy code is the whole story, and it is not closed by the patch alone.
How the bypass works
The attacker does not break anything; they supply something already trusted. Most UEFI systems carry Microsoft's third-party certificate, the Microsoft Corporation UEFI CA 2011, in their list of allowed signers. An attacker copies one of the old signed bootloaders onto the EFI System Partition, the small boot area of the disk, and the firmware accepts it because the signature traces back to that trusted certificate. No administrator rights are needed, only the ability to write that file.
From there, three old gaps do the work. The bootloaders trust outdated GRUB 2 code carrying a 2015 flaw that runs unverified modules; versions below 0.9 lack the revocation list that would block known-bad certificates; and versions before 15.3 ignore SBAT, the newer mechanism meant to retire vulnerable binaries. Tracked as CVE-2026-8863 and CVE-2026-10797, the chain ends with attacker code running before the operating system loads, which is the ideal place to hide.
Why the patch is the easy part
Revocation only protects a machine that actually received it. Microsoft's 9 June fix adds the eleven files to dbx, the firmware blocklist, and on managed Windows fleets that update flows through normal channels. The catch is that many organisations deliberately hold back firmware-level blocklist changes, because a wrong dbx entry can leave a device unable to boot, and that risk is higher on older or dual-boot hardware. The revocation exists; whether it reached your machines is a separate question.
The deeper issue is counting. The public shim-review record only began in 2017, and there is no comparable list of what was signed before then, so no one can state with confidence how many old, still-trusted bootloaders are out there. Eleven is the number ESET could name, not the number that exists. A control that depends on knowing every trusted signer is weak exactly where the inventory runs out.
What to actually check this week
Treat this as a revocation-hygiene task, not a single patch. Confirm that the 9 June dbx update genuinely applied across the estate rather than assuming it did; ESET points to audit tooling and PowerShell checks that report the current revocation state. Extend the check beyond Windows, because Linux servers and appliances take the same fix through the Linux Vendor Firmware Service, and dual-boot laptops are the classic blind spot.
For European operators the framing is now regulatory as well as technical. Under NIS2, the integrity of the boot chain falls within the security measures an essential entity is expected to demonstrate, and a firmware bootkit is exactly the kind of persistence a supervisor will ask about after an incident. The owner action is simple to state and easy to skip: verify what your firmware still trusts, and prove the block landed.
Read next: 570 Windows Patches in One Day, Two Already Exploited | An 18-Year-Old Cisco Bug Now Has a 3-Day Deadline



