Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Hackers had 7 months to exploit this Windows 11 flaw: Update now

The vulnerability, identified as CVE-2024-7344, allowed malicious actors to install harmful code on devices, bypassing many built-in security protections in Windows 11

byKerem Gülen
January 20, 2025
in Cybersecurity, News
Home News Cybersecurity
Share on FacebookShare on TwitterShare on LinkedInShare on WhatsAppShare on e-mail
Google Preferred Source

Microsoft has patched a significant security vulnerability that left Windows 11 vulnerable to malware attacks for over seven months. Users are strongly urged to apply the update immediately to secure their systems.

Microsoft patches critical Windows 11 vulnerability after seven months

The vulnerability, identified as CVE-2024-7344, allowed malicious actors to install harmful code on devices, bypassing many built-in security protections in Windows 11. It exploited a weakness in how certain third-party firmware utilities managed secure UEFI boot processes, granting attackers elevated system privileges and enabling their malicious payloads to remain undetected.

This issue arose from the manner in which some legitimate system utilities utilized Microsoft-approved digital certificates. Microsoft employs a strict manual review process for third-party firmware apps that operate during the secure boot phase. However, a researcher from security firm ESET discovered at least seven different vendors using a signed firmware component named “reloader.efi” insecurely.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.


Windows 11 24H2 is here but do not update yet!


These utilities could inadvertently bypass Microsoft’s security checks through a custom executable loader, allowing any firmware code, including unsigned binaries, to execute despite being blocked by secure boot protections. This vulnerability provided a pathway for sophisticated attackers to embed malware within legitimate utilities.

The vendors whose system utilities inadvertently exposed this risk include Howyar Technologies, Greenware, Radix, Sanfong, WASAY, CES, and SignalComputer. All have released updates to rectify the security issue. Additionally, Microsoft has revoked the digital certificates associated with the affected firmware versions to prevent exploitation of the vulnerability.

The persistence of the vulnerability for over seven months is notable, as ESET notified Microsoft of the issue in July 2024. There is no evidence that the vulnerability was actively exploited in real-world attacks, but its prolonged existence raises concerns regarding patch management.

Microsoft has issued an update to resolve CVE-2024-7344, and Windows 11 users should ensure they have all the latest patches installed, particularly those rolled out during the January 14th Patch Tuesday release.


Featured image credit: Windows/Unsplash

Tags: CybersecurityMicrosoftwindows 11

Related Posts

Samsung confirms One UI 9 Beta 4 release for next week

Samsung confirms One UI 9 Beta 4 release for next week

July 6, 2026
Sony to keep producing discs for pre-2028 PlayStation games

Sony to keep producing discs for pre-2028 PlayStation games

July 6, 2026
$TRUMP memecoin investors face .8 billion in losses

$TRUMP memecoin investors face $3.8 billion in losses

July 6, 2026
Tesla brings long-wheelbase Model Y to the US

Tesla brings long-wheelbase Model Y to the US

July 3, 2026
Opera adds protection against copy-paste ClickFix attacks

Opera adds protection against copy-paste ClickFix attacks

July 3, 2026
Cloudflare will block AI crawlers unless sites opt in

Cloudflare will block AI crawlers unless sites opt in

July 3, 2026

LATEST NEWS

Samsung confirms One UI 9 Beta 4 release for next week

Sony to keep producing discs for pre-2028 PlayStation games

$TRUMP memecoin investors face $3.8 billion in losses

Tesla brings long-wheelbase Model Y to the US

Opera adds protection against copy-paste ClickFix attacks

Cloudflare will block AI crawlers unless sites opt in

BEST AI MODELS LEADERBOARD

See the best AI models, ranked by intelligence, benchmark results, speed and token price. Find the most suitable LLMs, Text-to-Image, Image Editing, Text-to-Speech, Text-to-Video and Image-to-Video  artificial intelligence model for your tasks and business.

LATEST TOOLS

Kaiber

KitchenGPT

Dupdub

Solvely

Typecast

Swimm

Instantchapters

Intellectia

ZipWP

Copyleaks – Plagiarism detector

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI tools
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies to improve your experience. You can choose to accept or reject them. Visit our Privacy Policy.