Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Hackers had 7 months to exploit this Windows 11 flaw: Update now

The vulnerability, identified as CVE-2024-7344, allowed malicious actors to install harmful code on devices, bypassing many built-in security protections in Windows 11

byKerem Gülen
January 20, 2025
in Cybersecurity, News

Microsoft has patched a significant security vulnerability that left Windows 11 vulnerable to malware attacks for over seven months. Users are strongly urged to apply the update immediately to secure their systems.

Microsoft patches critical Windows 11 vulnerability after seven months

The vulnerability, identified as CVE-2024-7344, allowed malicious actors to install harmful code on devices, bypassing many built-in security protections in Windows 11. It exploited a weakness in how certain third-party firmware utilities managed secure UEFI boot processes, granting attackers elevated system privileges and enabling their malicious payloads to remain undetected.

This issue arose from the manner in which some legitimate system utilities utilized Microsoft-approved digital certificates. Microsoft employs a strict manual review process for third-party firmware apps that operate during the secure boot phase. However, a researcher from security firm ESET discovered at least seven different vendors using a signed firmware component named “reloader.efi” insecurely.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.


Windows 11 24H2 is here but do not update yet!


These utilities could inadvertently bypass Microsoft’s security checks through a custom executable loader, allowing any firmware code, including unsigned binaries, to execute despite being blocked by secure boot protections. This vulnerability provided a pathway for sophisticated attackers to embed malware within legitimate utilities.

The vendors whose system utilities inadvertently exposed this risk include Howyar Technologies, Greenware, Radix, Sanfong, WASAY, CES, and SignalComputer. All have released updates to rectify the security issue. Additionally, Microsoft has revoked the digital certificates associated with the affected firmware versions to prevent exploitation of the vulnerability.

The persistence of the vulnerability for over seven months is notable, as ESET notified Microsoft of the issue in July 2024. There is no evidence that the vulnerability was actively exploited in real-world attacks, but its prolonged existence raises concerns regarding patch management.

Microsoft has issued an update to resolve CVE-2024-7344, and Windows 11 users should ensure they have all the latest patches installed, particularly those rolled out during the January 14th Patch Tuesday release.


Featured image credit: Windows/Unsplash

Tags: CybersecurityMicrosoftwindows 11

Related Posts

Microsoft delays Xbox Game Pass price increase for some existing subscribers

Microsoft delays Xbox Game Pass price increase for some existing subscribers

October 8, 2025
Google releases Gemini 2.5 Computer Use model for building UI agents

Google releases Gemini 2.5 Computer Use model for building UI agents

October 8, 2025
AI is now the number one channel for data exfiltration in the enterprise

AI is now the number one channel for data exfiltration in the enterprise

October 8, 2025
Google expands its AI vibe-coding app Opal to 15 more countries

Google expands its AI vibe-coding app Opal to 15 more countries

October 8, 2025
Google introduces CodeMender, an AI agent for code security

Google introduces CodeMender, an AI agent for code security

October 8, 2025
Megabonk once again proves you don’t need fancy graphics to become a hit

Megabonk once again proves you don’t need fancy graphics to become a hit

October 8, 2025

LATEST NEWS

Microsoft delays Xbox Game Pass price increase for some existing subscribers

Google releases Gemini 2.5 Computer Use model for building UI agents

AI is now the number one channel for data exfiltration in the enterprise

Google expands its AI vibe-coding app Opal to 15 more countries

Google introduces CodeMender, an AI agent for code security

Megabonk once again proves you don’t need fancy graphics to become a hit

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.