CVE-2024-7344: Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.
First published: Tue Jan 14 2025(Updated: )
<p>This CVE was assigned by CERT CC. The purpose of this document is to attest to the fact that the products listed in the Security Updates table have been updated to protect against this vulnerability.</p>
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 11 | =22H2 | |
| Microsoft Windows Server 2025 | ||
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2012 | ||
| Microsoft Windows Server 2012 R2 | ||
| Microsoft Windows 11 | =24H2 | |
| Microsoft Windows Server 2022 | ||
| Microsoft Windows 10 | =22H2 | |
| Microsoft Windows Server 2012 | ||
| Microsoft Windows Server 2019 | ||
| Microsoft Windows Server 2022, 23H2 Edition | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 11 | =24H2 | |
| Microsoft Windows 10 | =22H2 | |
| Microsoft Windows Server 2019 | ||
| Microsoft Windows Server 2016 | ||
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 10 | =21H2 | |
| Microsoft Windows Server 2025 | ||
| Microsoft Windows Server 2012 R2 | ||
| Microsoft Windows 10 | =21H2 | |
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows 11 | =23H2 | |
| Microsoft Windows 10 | =21H2 | |
| Microsoft Windows 11 | =22H2 | |
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 10 | =22H2 | |
| Microsoft Windows 11 | =23H2 | |
| Microsoft Windows Server 2022 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | =1607 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://uefi.org/revocationlistfile
- https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html
- https://uefi.org/specs/UEFI/2.10/03_Boot_Manager.html
- https://www.eset.com/blog/enterprise/preparing-for-uefi-bootkits-eset-discovery-shows-the-importance-of-cyber-intelligence/
- https://www.kb.cert.org/vuls/id/529659
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7344 (Advisory)
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/type
- agent/author
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/msrc
- source/Microsoft
- collector/msrc-cve
- agent/severity
- agent/references
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/software-canonical-lookup
- vendor/microsoft
- canonical/microsoft windows 11
- version/microsoft windows 11/22h2
- canonical/microsoft windows server 2025
- canonical/microsoft windows server 2016
- canonical/microsoft windows server 2012
- canonical/microsoft windows server 2012 r2
- version/microsoft windows 11/24h2
- canonical/microsoft windows server 2022
- canonical/microsoft windows 10
- version/microsoft windows 10/22h2
- canonical/microsoft windows server 2019
- canonical/microsoft windows server 2022, 23h2 edition
- version/microsoft windows 10/1809
- version/microsoft windows 10/21h2
- version/microsoft windows 10/1607
- version/microsoft windows 11/23h2