Windows 11 flaw lets hackers bypass Secure Boot protections
Microsoft has not received much love for Windows 11, with many users still reluctant to leave Windows 10 even four years after the launch of the newer operating system. The main reasons include Microsoft’s constant push to use its own services, strict hardware requirements and questionable interface changes.
But if you are looking for another reason to dislike Windows 11, security researchers recently discovered a critical vulnerability affecting Secure Boot. This feature is supposed to prevent malware from loading during startup. Now, hackers can bypass that protection and silently infect systems. The flaw lets attackers disable Secure Boot on almost any modern Windows PC or server, leaving even fully updated devices open to stealthy, undetectable malware.
Sign up for my free Cyberguy report
Get my best tech tips, urgent security alerts and exclusive offers delivered directly to your inbox. In addition, you will get instant access to my definitive scam survival guide, free when you join at Cyberguy.com/newsletter

Windows PC (Kurt “Cyberguy” Knutsson)
What is the Secure Boot vulnerability in Windows 11?
The vulnerability, tracked as CVE-2025-3052, was discovered by the firmware security firm Binarly. They found that a legitimate BIOS update tool signed by Microsoft could be abused to tamper with the Windows boot process. Once exploited, the flaw lets attackers turn off Secure Boot. In the wrong hands, this vulnerability could lead to a new generation of malware. These threats could evade even antivirus or the most advanced detection software.
Hackers can abuse Microsoft-signed tools to turn off Secure Boot
At the center of the problem is a BIOS flashing utility built for rugged tablets. Microsoft signed it using its 2011 UEFI CA certificate. Because that certificate is trusted on almost all Secure Boot-enabled systems, the tool can run without raising alarms. The danger lies in how the tool handles a specific NVRAM variable. Binarly researchers found that it reads this variable blindly, without verifying what is inside. That small oversight opens the door to a serious exploit.
In a demonstration, Binarly used a proof-of-concept attack to change the value of this variable. By setting it to zero, they were able to overwrite a critical global setting that enforces Secure Boot. That action completely disabled Secure Boot protections. Once that happens, unsigned UEFI modules can run freely. Attackers can install stealthy, low-level malware known as bootkits, malware that operates beneath the Windows operating system. For hackers, this method offers maximum persistence.

Windows laptop (Kurt “Cyberguy” Knutsson)
Microsoft released a fix, but you must act to stay protected
Binarly reported the flaw to CERT/CC in February 2025. At first, it seemed to affect only one module. But Microsoft’s deeper investigation uncovered a bigger problem. The same vulnerability affected 14 modules signed with the same trusted certificate. Microsoft responded in June 2025 by revoking the cryptographic hashes of the 14 affected modules. These hashes were added to the Secure Boot revocation list, known as DBX. This prevents the modules from running during startup. However, this protection is not automatic. Unless users or organizations manually apply the updated DBX, their systems remain vulnerable, even with other patches installed.
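One way to check the point above, that a machine is only protected once the revoked hashes are actually in its DBX (an added example, not code from this article, Binarly or Microsoft): it parses the DBX variable's EFI_SIGNATURE_LIST layout and reports which required hashes are missing. The digests and the sample DBX are constructed placeholders; real input would be the variable body, for example the bytes returned by PowerShell's Get-SecureBootUEFI -Name dbx.

```python
import hashlib
import struct
import uuid

# GUIDs and the EFI_SIGNATURE_LIST header layout below are from the UEFI specification.
EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509 = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
HEADER = struct.Struct("<16sIII")  # SignatureType, ListSize, HeaderSize, SignatureSize
OWNER_LEN = 16  # every entry starts with a SignatureOwner GUID


def dbx_sha256_hashes(data: bytes) -> set:
    """Return the SHA-256 digests (lowercase hex) in a raw dbx variable body."""
    found, offset = set(), 0
    while offset < len(data):
        if len(data) - offset < HEADER.size:
            raise ValueError(f"truncated list header at offset {offset}")
        sig_type, list_size, hdr_size, sig_size = HEADER.unpack_from(data, offset)
        body, end = offset + HEADER.size + hdr_size, offset + list_size
        # Reject sizes that would stall the loop, read past the buffer or split an entry.
        if body > end or end > len(data) or sig_size <= OWNER_LEN or (end - body) % sig_size:
            raise ValueError(f"malformed signature list at offset {offset}")
        if uuid.UUID(bytes_le=sig_type) == EFI_CERT_SHA256 and sig_size == OWNER_LEN + 32:
            for pos in range(body, end, sig_size):
                found.add(data[pos + OWNER_LEN:pos + sig_size].hex())
        offset = end
    return found


def missing_revocations(data: bytes, required: list) -> list:
    """Return the required digests that the dbx does not contain yet."""
    present = dbx_sha256_hashes(data)
    return [h for h in required if h.lower() not in present]


def build_list(sig_type: uuid.UUID, entries: list) -> bytes:
    """Constructed-sample helper: pack equal-sized entries into one signature list."""
    body = b"".join(bytes(OWNER_LEN) + e for e in entries)  # all-zero owner GUID
    sig_size = OWNER_LEN + len(entries[0])
    return HEADER.pack(sig_type.bytes_le, HEADER.size + len(body), 0, sig_size) + body


# Constructed placeholders, NOT the real hashes revoked for CVE-2025-3052.
REVOKED = [hashlib.sha256(b"placeholder-module-%d" % i).hexdigest() for i in range(3)]
# Constructed dbx: an unrelated X.509 list, then a SHA-256 list with two of the three.
SAMPLE_DBX = build_list(EFI_CERT_X509, [b"\x30" * 40]) + build_list(
    EFI_CERT_SHA256, [bytes.fromhex(h) for h in REVOKED[:2]])

if __name__ == "__main__":
    print("not yet revoked:", missing_revocations(SAMPLE_DBX, REVOKED))
```

On Linux the efivarfs file for dbx starts with a 4-byte attributes field that must be stripped before parsing. The entries are Authenticode digests of the EFI binaries, not plain file hashes, so the required list has to come from the published revocation data.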
How long has this Windows tool been circulating?
Binarly revealed that the vulnerable tool had been online since late 2022. Someone uploaded it to VirusTotal in 2024, but it went unnoticed for months. At this point, it is not clear whether any attacker has used it in the wild. We reached out to Microsoft for comment, but did not receive a response before our deadline.

Illustration of a hacker at work (Kurt “Cyberguy” Knutsson)
Six essential tips to protect your Windows 11 PC from hackers
Protecting your PC does not have to be complicated. Just follow these simple steps to keep hackers at bay and your information safe.
1. Keep your computer updated: Software updates are not just about new features. They fix serious security problems. In this case, Microsoft has already released a fix for the Secure Boot vulnerability, but it only works if your system is fully updated. Just go to Settings, open Windows Update and make sure everything is installed. Many people delay updates for weeks, but these patches are the first line of defense against threats like this.
2. Do not install tools you do not fully understand: It can be tempting to download apps that claim to speed up your computer or fix problems, especially those recommended in YouTube videos or tech forums. But this is exactly how many threats get in. This particular vulnerability came from a legitimate-looking tool that was misused. So, if you are not sure what something does, or if it asks for permission to change the way your system boots, skip it. Or ask someone who knows more before clicking anything.
3. Use strong antivirus software and keep it running: Although this new threat targets something deep within the system, having strong antivirus protection still helps catch related malware. If you are on Windows, Defender is already built in and does a decent job. But if you don’t want to rely on Windows’ built-in tools, use a third-party antivirus.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices by visiting Cyberguy.com/Lockupyoutech
4. Restart your computer from time to time: This sounds basic, but it matters. Many updates do not fully apply until after a restart. If you keep putting your computer to sleep or hibernating it for days, your system could be stuck in an insecure state. Try to restart it at least every two days, or whenever an update requests it.
5. Do not ignore warnings from Windows or your antivirus: If something pops up telling you that a file looks dangerous or that an update is needed, pay attention. It is easy to get used to closing these messages without reading them, but that is how problems get missed. If a warning seems confusing or too technical, take a screenshot or a photo and ask someone. The important thing is not to ignore it and move on.
6. Remove your personal data from people-search sites: Even if hackers do not attack you directly through the Secure Boot flaw, many cyberattacks begin by collecting personal information that is easily found online. This may include your full name, address, telephone number and even the names of your relatives. Data broker websites collect and publish this information without your consent, which puts you at greater risk. Using a personal data removal service helps you reduce your exposure online and makes it harder for bad actors to target you.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They are not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It is what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of data from breaches being cross-referenced with information found on the dark web, which makes it harder for you to be targeted.
See my top picks for data removal services and get a free scan to find out if your personal information is already on the web by visiting Cyberguy.com/delete
Get a free scan to find out if your personal information is already on the web: Cyberguy.com/freescan
Kurt’s key takeaways
Secure Boot is supposed to be a final safeguard, a last barrier that guarantees only verified code can load when a device starts. But this vulnerability shows how easily that trust can be broken. If a single signed utility can disable protection for the entire system, then the foundation of device security starts to look worryingly thin.
Do you think Microsoft is doing enough to keep your PC safe? Let us know at Cyberguy.com/contact.
Copyright 2025 Cyberguy.com. All rights reserved.
Kurt “Cyberguy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better, with his contributions for News & News Business starting mornings on “News & Friends”. Do you have a tech question? Get Kurt’s free newsletter, share your voice, a story idea or a comment at Cyberguy.com.


