Patch your Windows PC now before bootkit malware takes it over – here’s how
Elyse Betters Picaro / ZDNET

Windows users who don’t always install the updates rolled out by Microsoft each month for Patch Tuesday will want to install the ones for June. That’s because the latest round of patches fixes a flaw that could allow an attacker to control your PC through bootkit malware.

Designated as CVE-2025-3052, the Secure Boot bypass flaw is a serious one, according to Binarly security researcher Alex Matrosov, who discovered the vulnerability. In a Binarly blog post published Tuesday, he described the problem as a memory corruption issue that exploits Microsoft’s Secure Boot.

“Attackers can exploit this vulnerability to run unsigned code during the boot process, effectively bypassing Secure Boot and compromising the system’s chain of trust,” Matrosov said. “Because the attacker’s code executes before the operating system even loads, it opens the door for attackers to install bootkits and undermine OS-level security defenses.”

Crafty and dangerous malware

Bootkit malware is especially crafty and dangerous. By running before your PC boots up, it’s able to skirt past your usual security protection and evade detection. Plus, such malware can allow attackers to control your PC, infect it with additional malware, or even access your confidential information.

The irony here is that Microsoft implemented Secure Boot on Windows PCs specifically to prevent malware from loading during the boot-up process. This security feature has been available on PCs that use Unified Extensible Firmware Interface (UEFI) firmware as a more modern replacement for the older BIOS firmware.

In this case, however, the flaw lets an attacker bypass Secure Boot by signing a vulnerable UEFI application with Microsoft’s third-party certificates, essentially giving it carte blanche to run.

Though the flaw itself has not been exploited in the wild, the vulnerable application has been around since late 2022, and was uploaded to the VirusTotal security site, which is where Matrosov discovered it.