Windows 11 flaw lets hackers bypass Secure Boot protection

Microsoft has not received much love for Windows 11. Many users are still reluctant to abandon Windows 10, even four years after the launch of the newer OS. The main reasons include Microsoft’s constant push to use its own services, strict hardware requirements and questionable interface changes.

But if you are looking for another reason not to like Windows 11, security researchers have recently discovered a critical vulnerability affecting Secure Boot. This feature is supposed to prevent malicious software from being loaded during startup. Now hackers can bypass this protection and silently infect systems. The flaw allows attackers to disable Secure Boot on almost all modern Windows PCs and servers, leaving even fully updated devices open to stealthy and undetectable malware.


Windows PC (Kurt “CyberGuy” Knutsson)

What is the Secure Boot vulnerability in Windows 11?

The vulnerability, tracked as CVE-2025-3052, was discovered by the firmware security company Binarly. They found that a legitimate BIOS update tool signed by Microsoft could be abused to alter the Windows boot process. Once exploited, the flaw allows attackers to completely disable Secure Boot. In the wrong hands, this vulnerability could lead to a new generation of malicious software. These threats could bypass even the most advanced antivirus or detection software.

Hackers can abuse Microsoft-signed tools to disable Secure Boot

At the center of the problem is a BIOS-flashing utility built for rugged tablets. Microsoft signed it using its UEFI CA 2011 certificate. Since this certificate is trusted on almost all Secure Boot-enabled systems, the tool can run without raising alarms. The danger lies in the way the tool handles a specific NVRAM variable. Binarly researchers found that it reads this variable blindly, without checking what is inside. This small oversight opens the door to a serious exploit.

In a demonstration, Binarly used a proof-of-concept attack to modify the value of this variable. By setting it to zero, they were able to overwrite a critical global setting that enforces Secure Boot. This action completely disabled Secure Boot protections. Once this happens, unsigned UEFI modules can run freely. Attackers can then install low-level malware called bootkits, malware that operates beneath the Windows operating system itself. For hackers, this method offers ultimate persistence.

Windows laptop (Kurt “CyberGuy” Knutsson)

Microsoft has released a fix, but you must act to stay protected

Binarly reported the flaw to CERT/CC in February 2025. At first, it seemed to affect a single module. But Microsoft’s deeper investigation revealed a bigger problem. The same vulnerability affected 14 modules signed with the same trusted certificate. Microsoft responded in June 2025 by revoking the cryptographic hashes of the 14 affected modules. These hashes were added to the Secure Boot revocation list, known as DBX. This prevents the modules from running during boot. However, this protection is not automatic. Unless users or organizations manually apply the updated DBX, their systems remain vulnerable, even with other fixes installed.
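To confirm that an updated DBX has actually been applied, an administrator can parse the raw revocation variable and compare it against the hashes Microsoft revoked. The following is an added example, not code from Microsoft, Binarly or the original article; since the article does not list the 14 hashes, the digests and the sample DBX below are constructed placeholders.

```python
import hashlib
import struct
import uuid

# Signature type GUIDs defined by the UEFI specification.
EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509 = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
HEADER = 28  # 16-byte type GUID + three little-endian UINT32 sizes

def dbx_sha256_hashes(blob):
    """Return the SHA-256 digests (hex) revoked in a raw dbx variable."""
    found, off = set(), 0
    while off < len(blob):
        if len(blob) - off < HEADER:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        end = off + list_size
        if list_size < HEADER + hdr_size or end > len(blob) or sig_size < 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % off)
        if sig_type == EFI_CERT_SHA256 and sig_size == 48:
            first = off + HEADER + hdr_size
            for pos in range(first, end - sig_size + 1, sig_size):
                # Each entry is a 16-byte owner GUID followed by the digest.
                found.add(blob[pos + 16:pos + 48].hex())
        off = end  # certificate lists and other types are skipped
    return found

def missing_revocations(blob, required):
    """Return the required digests that the dbx does not yet contain."""
    present = dbx_sha256_hashes(blob)
    return sorted(h.lower() for h in required if h.lower() not in present)

def _build_list(sig_type, entries):
    """Helper that builds one EFI_SIGNATURE_LIST for the constructed sample."""
    owner = uuid.UUID(int=0).bytes_le
    body = b"".join(owner + e for e in entries)
    sizes = struct.pack("<III", HEADER + len(body), 0, 16 + len(entries[0]))
    return sig_type.bytes_le + sizes + body

# Constructed placeholders, NOT the real hashes of the 14 revoked modules.
REQUIRED = [hashlib.sha256(b"placeholder-module-%d" % i).hexdigest() for i in range(3)]
# Constructed dbx: one certificate list, then a hash list missing the third digest.
SAMPLE_DBX = (_build_list(EFI_CERT_X509, [b"constructed-der-bytes"])
              + _build_list(EFI_CERT_SHA256, [bytes.fromhex(h) for h in REQUIRED[:2]]))

if __name__ == "__main__":
    for digest in missing_revocations(SAMPLE_DBX, REQUIRED):
        print("not revoked on this system:", digest)
```

On Windows the raw bytes come from `(Get-SecureBootUEFI -Name dbx).Bytes` in an elevated PowerShell session; on Linux the efivars file for dbx carries a 4-byte attribute prefix that must be stripped before parsing.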

How long has this Windows tool been circulating?

Binarly revealed that the vulnerable tool has been online since the end of 2022. Someone uploaded it to VirusTotal in 2024, but it went unnoticed for months. At this point, it is not clear whether attackers have used it in the wild. We contacted Microsoft for comment but did not receive a response before our deadline.

Illustration of a hacker at work (Kurt “CyberGuy” Knutsson)

Six essential tips to protect your Windows 11 PC against hackers

Protecting your PC does not have to be complicated. Just follow these simple steps to keep hackers at bay and your information safe.

1. Keep your computer up to date: Software updates are not only about new features. They fix serious security problems. In this case, Microsoft has already released a fix for the Secure Boot vulnerability, but it only works if your system is fully updated. Just go to your settings, open Windows Update and make sure everything is installed. Many people delay updates for weeks, but these fixes are the first line of defense against threats like this.

2. Do not install tools that you do not fully understand: It may be tempting to download applications that claim to speed up your computer or solve problems, especially those recommended in YouTube videos or tech forums. But this is exactly how many threats sneak in. This particular vulnerability came from a legitimate-looking tool that was misused. So, if you are not sure what something does or if it asks for permission to change the way your system starts, skip it. Or ask someone who knows more before clicking on anything.

3. Use strong antivirus software and let it work: Even though this new threat targets something deep inside the system, strong antivirus protection still helps to catch related malware. If you are on Windows, Defender is already built in and does a decent job. But if you don’t want to rely on the built-in Windows tools, use a third-party antivirus.

4. Restart your computer from time to time: This one seems basic, but it is important. Many updates only apply completely after a restart. If you keep putting your computer to sleep or hibernating it for days at a time, your system could still be stuck in an unsafe state. Try to restart it at least every two days, or each time an update requests it.

5. Do not ignore warnings from Windows or your antivirus: If something pops up telling you that a file seems dangerous or an update is needed, pay attention. It is easy to get into the habit of closing these messages without reading them, but that’s how problems get missed. If a warning seems confusing or too technical, take a screenshot or a photo and ask someone for help. The important thing is not to ignore it and move on.

6. Remove your personal data from people-search sites: Even if hackers do not target you directly through the Secure Boot flaw, many cyberattacks start by collecting personal information that is easily found online. This may include your full name, address, phone number and even the names of your loved ones. Data broker websites collect and publish this information without your consent, putting you at greater risk. Using a personal data removal service helps you reduce your online exposure and makes it harder for bad actors to target you.

Although no service can guarantee the complete removal of your data from the Internet, a data removal service is really a smart choice. They are not cheap, but neither is your privacy. These services do all the work for you by actively and systematically erasing your personal information from hundreds of websites. This is what gives me peace of mind, and it has proven to be the most effective way to erase your personal data from the Internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they may find on the dark web, which makes it harder for them to target you.

Kurt’s key takeaways

Secure Boot is supposed to be a final safeguard, a last barrier that guarantees only verified code can take control when a device starts. But this vulnerability shows how easily that trust can be broken. If a single signed utility can disable the entire system’s protection, the foundation of device security starts to look shaky.

Do you think Microsoft is doing enough to keep your PC safe? Let us know by writing to us at Cyberguy.com/Contact.

Copyright 2025 cyberguy.com. All rights reserved.
