Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Hackers had 7 months to exploit this Windows 11 flaw: Update now

The vulnerability, identified as CVE-2024-7344, allowed malicious actors to install harmful code on devices, bypassing many built-in security protections in Windows 11

byKerem Gülen
January 20, 2025
in Cybersecurity, News

Microsoft has patched a significant security vulnerability that left Windows 11 vulnerable to malware attacks for over seven months. Users are strongly urged to apply the update immediately to secure their systems.

Microsoft patches critical Windows 11 vulnerability after seven months

The vulnerability, identified as CVE-2024-7344, allowed malicious actors to install harmful code on devices, bypassing many built-in security protections in Windows 11. It exploited a weakness in how certain third-party firmware utilities managed secure UEFI boot processes, granting attackers elevated system privileges and enabling their malicious payloads to remain undetected.

This issue arose from the manner in which some legitimate system utilities utilized Microsoft-approved digital certificates. Microsoft employs a strict manual review process for third-party firmware apps that operate during the secure boot phase. However, a researcher from security firm ESET discovered at least seven different vendors using a signed firmware component named “reloader.efi” insecurely.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.


Windows 11 24H2 is here but do not update yet!


These utilities could inadvertently bypass Microsoft’s security checks through a custom executable loader, allowing any firmware code, including unsigned binaries, to execute despite being blocked by secure boot protections. This vulnerability provided a pathway for sophisticated attackers to embed malware within legitimate utilities.

The vendors whose system utilities inadvertently exposed this risk include Howyar Technologies, Greenware, Radix, Sanfong, WASAY, CES, and SignalComputer. All have released updates to rectify the security issue. Additionally, Microsoft has revoked the digital certificates associated with the affected firmware versions to prevent exploitation of the vulnerability.

The persistence of the vulnerability for over seven months is notable, as ESET notified Microsoft of the issue in July 2024. There is no evidence that the vulnerability was actively exploited in real-world attacks, but its prolonged existence raises concerns regarding patch management.

Microsoft has issued an update to resolve CVE-2024-7344, and Windows 11 users should ensure they have all the latest patches installed, particularly those rolled out during the January 14th Patch Tuesday release.


Featured image credit: Windows/Unsplash

Tags: CybersecurityMicrosoftwindows 11

Related Posts

183M Gmail passwords exposed via infostealer malware

183M Gmail passwords exposed via infostealer malware

October 28, 2025
Google’s AI health coach debuts for Android Fitbit users

Google’s AI health coach debuts for Android Fitbit users

October 28, 2025
Grokipedia’s “AI-verified” pages show little change from Wikipedia

Grokipedia’s “AI-verified” pages show little change from Wikipedia

October 28, 2025
OpenAI data reveals 0.15% of ChatGPT users express suicidal thoughts

OpenAI data reveals 0.15% of ChatGPT users express suicidal thoughts

October 28, 2025
OpenAI makes ChatGPT Go free across India

OpenAI makes ChatGPT Go free across India

October 28, 2025
Goodbye: Pixel Watch gets its final update

Goodbye: Pixel Watch gets its final update

October 28, 2025

LATEST NEWS

183M Gmail passwords exposed via infostealer malware

Google’s AI health coach debuts for Android Fitbit users

Grokipedia’s “AI-verified” pages show little change from Wikipedia

OpenAI data reveals 0.15% of ChatGPT users express suicidal thoughts

OpenAI makes ChatGPT Go free across India

Goodbye: Pixel Watch gets its final update

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.