Microsoft has not found much love for Windows 11. Many users are still reluctant to ditch Windows 10, even four years after the new OS launched. The main reasons include the constant push to use Microsoft's own services, strict hardware requirements and questionable interface changes.
But if you are looking for another reason to dislike Windows 11, security researchers recently highlighted a significant vulnerability affecting Secure Boot. This feature is meant to prevent malware from loading during startup. Now, hackers can bypass that protection silently. The flaw allows attackers to disable Secure Boot on almost any modern Windows PC or server, leaving even fully updated devices open to stealthy, unwanted malware.
Windows PC (Kurt "CyberGuy" Knutsson)
What is the Secure Boot vulnerability in Windows 11?
The vulnerability, tracked as CVE-2025-3052, was discovered by the firmware security firm Binarly. They found that a legitimate BIOS update tool signed by Microsoft can be abused to tamper with the Windows boot process. Once exploited, the flaw allows attackers to turn off Secure Boot completely. In the wrong hands, this vulnerability could give rise to a new generation of malware. These threats can bypass even the most advanced antivirus or detection software.
Hackers can misuse Microsoft-signed tools to turn off Secure Boot
At the center of the issue is a BIOS-flashing utility made for rugged tablets. Microsoft signed it using its UEFI CA 2011 certificate. Because that certificate is trusted on almost every Secure Boot-capable system, the tool can run without raising any alarms. The danger lies in how the tool handles a specific NVRAM variable. Researchers at Binarly found that it blindly reads this variable without checking what is inside. This small oversight opens the door to a serious exploit.
In a demonstration, Binarly used a proof-of-concept attack to change the value of this variable. By setting it to zero, they were able to overwrite a global setting that is critical to enforcing Secure Boot. This disables the Secure Boot protection completely. Once this happens, unsigned UEFI modules can run freely. Attackers can then install stealthy, low-level malware, known as bootkits, which operates beneath the Windows operating system. For hackers, this method provides the ultimate persistence.
Windows laptop (Kurt "CyberGuy" Knutsson)
Microsoft released a fix, but you need to act to stay protected
In February 2025, Binarly reported the flaw to CERT/CC. At first, it appeared to affect only one module. But a deeper investigation by Microsoft exposed a bigger problem. The same vulnerability affected 14 modules signed with the same trusted certificate. Microsoft responded in June 2025 by revoking the cryptographic hashes of all 14 affected modules. These hashes were added to the Secure Boot revocation list, known as DBX. This prevents the modules from running during startup. However, this protection is not automatic. Until users or organizations manually apply the DBX update, their systems remain vulnerable, even with other patches installed.
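To confirm that a DBX update has actually landed on a machine, you can parse the dbx variable and look for a given hash. The following is an added example, not code from Binarly or Microsoft: it walks the EFI_SIGNATURE_LIST layout from the UEFI specification over a constructed sample, since the 14 revoked hashes are not listed on this page. On a real system the bytes would come from `(Get-SecureBootUEFI -Name dbx).Bytes` on Windows, or from the `dbx-*` file under `/sys/firmware/efi/efivars/` on Linux with its 4-byte attribute prefix removed.

```python
import hashlib
import struct
import uuid

# Signature type GUIDs from the UEFI specification.
EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509 = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
HEADER = 28  # 16-byte SignatureType GUID + three little-endian UINT32 fields


def dbx_sha256_hashes(blob):
    """Return every SHA-256 digest (hex) in a chain of EFI_SIGNATURE_LISTs."""
    found, off = set(), 0
    while off < len(blob):
        if len(blob) - off < HEADER:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < HEADER + hdr_size or off + list_size > len(blob):
            raise ValueError("SignatureListSize is inconsistent with the data")
        body = blob[off + HEADER + hdr_size:off + list_size]
        if sig_size <= 16 or len(body) % sig_size:
            raise ValueError("SignatureSize does not divide the list body")
        if sig_type == EFI_CERT_SHA256 and sig_size == 48:
            # Each entry: 16-byte SignatureOwner GUID, then the 32-byte digest.
            found.update(body[i + 16:i + 48].hex()
                         for i in range(0, len(body), sig_size))
        off += list_size
    return found


def is_revoked(dbx_blob, digest_hex):
    """True if the digest (Authenticode SHA-256 of the EFI image) is in dbx."""
    return digest_hex.lower() in dbx_sha256_hashes(dbx_blob)


def make_list(sig_type, entries):
    """Build one EFI_SIGNATURE_LIST with a zero owner GUID (test data only)."""
    body = b"".join(bytes(16) + e for e in entries)
    sizes = struct.pack("<III", HEADER + len(body), 0, 16 + len(entries[0]))
    return sig_type.bytes_le + sizes + body


# Constructed sample dbx: one certificate list, then one SHA-256 list.
MODULE_A = hashlib.sha256(b"constructed revoked module A").digest()
MODULE_B = hashlib.sha256(b"constructed revoked module B").digest()
UNLISTED = hashlib.sha256(b"constructed module not in dbx").digest()
SAMPLE_DBX = (make_list(EFI_CERT_X509, [b"\x30\x82" + bytes(62)])
              + make_list(EFI_CERT_SHA256, [MODULE_A, MODULE_B]))
```

The digests stored in dbx for EFI binaries are Authenticode hashes of the PE image, so a plain SHA-256 of the file on disk will not match an entry.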
How long has this Windows tool been circulating?
Binarly revealed that the vulnerable tool had been online since the end of 2022. Someone uploaded it to VirusTotal in 2024, but it went unnoticed for months. At this point, it is not clear whether any attacker has used it in the wild. We reached out to Microsoft for comment but did not receive a response before our deadline.
Depiction of a hacker at work (Kurt "CyberGuy" Knutsson)
Six essential tips to protect your Windows 11 PC from hackers
Keeping your PC safe is not complicated. Just follow these simple steps to keep hackers at bay and protect your information.
1. Keep your computer updated: Software updates are not only about new features. They fix serious security issues. In this case, Microsoft has already released a fix for the Secure Boot vulnerability, but it only works when your system is fully updated. Just go to your settings, open Windows Update, and make sure everything is installed. A lot of people delay updates for weeks, but these patches are the first line of defense against threats like this.
2. Do not install tools that you do not fully understand: It can be tempting to download apps that claim to speed up your computer or fix problems, especially ones promoted in YouTube videos or on tech forums. But that is exactly how a lot of threats get in. This particular vulnerability came from a legitimate-looking tool that was misused. So if you are not sure what something does, or if it asks for permission to change how your system boots, skip it. Or ask someone who knows more before you click anything.
3. Use strong antivirus software and leave it running: Even though this new threat targets something deep inside the system, strong antivirus protection helps catch related malware. If you are on Windows, Defender is already built in and does a good job. But if you do not want to rely on Windows' built-in tool, use a third-party antivirus.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com/Lockupyourtch
4. Restart your computer every now and then: It seems basic, but it matters. Lots of updates are not fully applied until a restart. If you leave your computer asleep or hibernating for long stretches, your system may still be stuck in a vulnerable state. Try to restart it at least every two days, or whenever an update asks for it.
5. Do not ignore warnings from Windows or your antivirus: If a pop-up tells you that a file looks dangerous or that an update is required, pay attention. It is easy to get into the habit of closing these messages without reading them, but that is how problems get missed. If a warning seems confusing or very technical, take a screenshot or a photo and ask someone for help. The important thing is not to ignore it and move on.
6. Remove your personal data from people-search sites: Even if hackers do not target you directly through the Secure Boot flaw, many cyberattacks start by collecting personal information that is easily found online. It can include your full name, address, phone number and even the names of your relatives. Data broker websites collect and publish this information without your consent, which puts you at greater risk. Using a personal data removal service helps you reduce your online exposure and makes you harder for bad actors to target.
While no service can guarantee the complete removal of your data from the Internet, a data removal service is a smart option. They are not cheap, but neither is your privacy. These services do all the work for you by actively monitoring and systematically removing your personal information from hundreds of websites. This is what gives me peace of mind, and it has proved to be the most effective way to erase your personal data from the Internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they can find on the dark web, making it harder for them to target you.
See my top picks for data removal services and get a free scan to find out if your personal information is already out on the web at Cyberguy.com/Delete
Get a free scan to find out if your personal information is already on the web: Cyberguy.com/freescan
Kurt's key takeaways
Secure Boot is supposed to be a last line of defense, a final barrier that ensures only verified code can load when the device starts. But this vulnerability shows how easily that trust can break. If a single signed utility can disable the protection of the entire system, the foundation of device security starts to look worryingly thin.
Do you think Microsoft is doing enough to keep your PC safe? Write to us and let us know at Cyberguy.com/Contact.
Copyright 2025 cyberguy.com. All rights reserved.