CVE-2022-34303
vulnerability analysis and mitigation

Overview

A security feature bypass vulnerability (CVE-2022-34303) was discovered in Eurosoft bootloaders before 2022-06-01. The vulnerability allows attackers to bypass or tamper with Secure Boot protections through the exploitation of a vulnerable UEFI bootloader that can execute unsigned code during the boot process (CERT VU, NVD).

Technical details

The vulnerability exists in signed third-party UEFI bootloaders that can be tricked into bypassing Secure Boot via an EFI shell. The vulnerable bootloader executes unsigned code before the operating system's boot process is initialized, which makes the activity difficult for the OS or common Endpoint Detection and Response (EDR) tools to monitor (CERT VU).

Impact

An attacker who successfully exploits this vulnerability can bypass the system's Secure Boot feature at startup and execute arbitrary code before the operating system loads. This early boot phase execution can provide persistence to an attacker, potentially loading arbitrary kernel extensions that survive both reboot and re-installation of an OS. It may also evade common OS-based and EDR security defenses (CERT VU).

Mitigation and workarounds

Microsoft has worked closely with the vendor to address the vulnerable bootloader issue and has blocked the previously issued certificate with the July 2022 Security Update Release. Users should apply vendor-provided security updates that address these vulnerabilities to block vulnerable firmware from bypassing Secure Boot. The update adds the signatures of the known vulnerable UEFI modules to the DBX (Secure Boot Forbidden Signature Database) (CERT VU, Microsoft Support).

This report was generated using AI.
