Microsoft blocks critical Secure Boot loophole after over 7 months — fortifying Windows 11 against sophisticated firmware attacks camouflaged as verified UEFI apps
Microsoft closes Secure Boot loophole, securing Windows from firmware attacks.
Microsoft has intensified its Windows 11 campaign by using aggressive tactics, including full-screen multipage popup ads, to urge Windows 10 users to upgrade before the operating system's imminent death, slated for October 14, 2025. However, Windows 10 continues to dominate the market share with a staggering 62.73%, per StatCounter's December 2024 report.
User reluctance to upgrade to Windows 11 can partly be attributed to Microsoft's stringent operating system requirements. These requirements lock out unsupported hardware that lacks key security features such as Secure Boot and a TPM.
While these security features are designed to keep the operating system secure, a vulnerability (CVE-2024-7344) has been accessible to bad actors for over seven months, making Windows 11 susceptible to malicious attacks. However, Microsoft finally patched the security threat earlier this week.
For context, the vulnerability allowed hackers to gain unauthorized access to a device and run malicious attacks during the bootup process. As you may know, Secure Boot is one of the stringent system requirements for running Windows 11. The security feature prevents malicious firmware from running when a device is booting.
Hackers often deploy attacks before a device starts because it allows them to hide the ploys in plain sight before Windows loads, making it difficult to identify them. Moreover, it makes the malware less susceptible to defense mechanisms that ship with the operating system.
UEFI security: Win some, lose some
As highlighted by ArsTechnica, Martin Smolár, a security researcher at ESET, made a shocking discovery last year. The researcher noticed that a digitally signed app had slipped through Microsoft's strict manual review process for third-party UEFI apps. For context, Smolár reached this conclusion when SysReturn, a real-time system recovery software from Howyar Technologies, passed the stringent process. The researcher further disclosed that the app was buried under an XOR-encoded UEFI app called reloader.efi.
Secure Boot's signature checks are enforced through UEFI's LoadImage and StartImage services, and Microsoft's manual review process expects third-party apps to load code through them. However, reloader.efi used its own custom PE (Portable Executable) loader instead, which sidestepped those critical security checks and escaped the notice of Microsoft's review process. Perhaps more concerning, reloader.efi wasn't unique to Howyar Technologies' system recovery software. It also appeared in apps from six other suppliers, including:
- Howyar SysReturn before version 10.2.023_20240919
- Greenware GreenGuard before version 10.2.023-20240927
- Radix SmartRecovery before version 11.2.023-20240927
- Sanfong EZ-back System before version 10.3.024-20241127
- WASAY eRecoveryRX before version 8.4.022-20241127
- CES NeoImpact before version 10.1.024-20241127
- SignalComputer HDD King before version 10.3.021-20241127
While Microsoft has since patched the vulnerability, its security implications were significant: the attack was not limited to devices that already had one of the affected recovery products installed. An attacker with privileged admin control over a susceptible Windows PC could install the vulnerable, Microsoft-signed reloader.efi themselves and rely on that digital signature to run malware during the start-up process.
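A defender checking whether a boot binary is covered by such a revocation can parse the Secure Boot dbx variable directly. The parser below is an added example, not code from the article, ESET or Microsoft, and assumes, as with earlier Secure Boot revocations, that the fix adds the vulnerable binaries' Authenticode hashes to dbx; the sample dbx it builds uses placeholder hashes, not the real CVE-2024-7344 values.

```python
import struct
import uuid

# From the UEFI spec: an EFI_CERT_SHA256_GUID list holds raw 32-byte SHA-256 digests.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# Constructed owner GUID for the sample list below (not a real Microsoft identifier).
SAMPLE_OWNER = uuid.UUID("00000000-0000-0000-0000-00000000beef")


def parse_signature_lists(blob: bytes):
    """Yield (type_guid, owner_guid, signature_data) for every EFI_SIGNATURE_DATA
    entry in a concatenation of EFI_SIGNATURE_LIST structures, which is the
    layout of the db and dbx Secure Boot variables."""
    off = 0
    while off + 28 <= len(blob):
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(blob) or sig_size <= 16:
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {off}")
        pos, end = off + 28 + hdr_size, off + list_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            yield sig_type, owner, blob[pos + 16:pos + sig_size]
            pos += sig_size
        off = end


def revoked_sha256_hashes(dbx: bytes) -> set:
    """Return the set of revoked SHA-256 digests (lowercase hex) found in a dbx blob."""
    return {data.hex() for t, _, data in parse_signature_lists(dbx)
            if t == EFI_CERT_SHA256_GUID and len(data) == 32}


def is_hash_revoked(pe_hash_hex: str, dbx: bytes) -> bool:
    """True if the given Authenticode (PE image) SHA-256 hash is present in dbx.
    dbx entries for binaries are Authenticode hashes, not hashes of the raw file,
    so compute the input with a PE-aware tool rather than a plain sha256sum."""
    return pe_hash_hex.lower() in revoked_sha256_hashes(dbx)


def build_sha256_list(hashes_hex, owner: uuid.UUID = SAMPLE_OWNER) -> bytes:
    """Build one EFI_CERT_SHA256 EFI_SIGNATURE_LIST; used here only to construct sample input."""
    body = b"".join(owner.bytes_le + bytes.fromhex(h) for h in hashes_hex)
    header = EFI_CERT_SHA256_GUID.bytes_le + struct.pack("<III", 28 + len(body), 0, 16 + 32)
    return header + body


# Constructed sample dbx with two placeholder hashes (not real revocation entries).
SAMPLE_DBX = build_sha256_list(["11" * 32, "22" * 32])

if __name__ == "__main__":
    print(is_hash_revoked("11" * 32, SAMPLE_DBX))  # True
    print(is_hash_revoked("33" * 32, SAMPLE_DBX))  # False
```

On Windows the raw variable is available as `(Get-SecureBootUEFI -Name dbx).Bytes`; on Linux it is `/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f` with its leading 4-byte attribute field stripped.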
Kevin Okemwa is a seasoned tech journalist based in Nairobi, Kenya with lots of experience covering the latest trends and developments in the industry at Windows Central. With a passion for innovation and a keen eye for detail, he has written for leading publications such as OnMSFT, MakeUseOf, and Windows Report, providing insightful analysis and breaking news on everything revolving around the Microsoft ecosystem. You'll also catch him occasionally contributing at iMore about Apple and AI. While AFK and not busy following the ever-emerging trends in tech, you can find him exploring the world or listening to music.