CVE-2024-7344: Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.
First published: Tue Jan 14 2025(Updated: )
<p>This CVE was assigned by CERT CC. The purpose of this document is to attest to the fact that the products listed in the Security Updates table have been updated to protect against this vulnerability.</p>
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 11 | =22H2 | |
| Microsoft Windows Server 2025 | ||
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2012 R2 | ||
| Microsoft Windows 11 | =24H2 | |
| Microsoft Windows Server 2022 | ||
| Microsoft Windows 10 | =22H2 | |
| Microsoft Windows Server 2019 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 11 | =24H2 | |
| Microsoft Windows 10 | =22H2 | |
| Microsoft Windows Server 2019 | ||
| Microsoft Windows Server 2016 | ||
| Microsoft Windows 10 | =21H2 | |
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows Server 2025 | ||
| Microsoft Windows Server 2012 R2 | ||
| Microsoft Windows 10 | =21H2 | |
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows 11 | =23H2 | |
| Microsoft Windows 10 | =21H2 | |
| Microsoft Windows 11 | =22H2 | |
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 10 | =22H2 | |
| Microsoft Windows 11 | =23H2 | |
| Microsoft Windows Server 2022 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows Server 2012 x64 | ||
| Microsoft Windows Server 2012 x64 | ||
| Microsoft Windows Server 2022 23H2 | ||
| ces neoimpact | <10.1.024-20241127 | |
| greenware greenguard | <10.2.023-20240927 | |
| Howyar sysreturn | <10.2.023_20240919 | |
| Radix SmartRecovery | <11.2.023-20240927 | |
| Sanfong EZ-Back System | <10.3.024-20241127 | |
| signalcomputer hdd king | <10.3.021-20241127 | |
| Wasay eRecoveryRx | <8.4.022-20241127 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7344 (Advisory)
- https://www.darkreading.com/vulnerabilities-threats/trusted-apps-bug-uefi-boot-process
- https://www.bleepingcomputer.com/news/security/new-uefi-secure-boot-flaw-exposes-systems-to-bootkits-patch-now/
- https://uefi.org/revocationlistfile
- https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html
- https://uefi.org/specs/UEFI/2.10/03_Boot_Manager.html
- https://www.eset.com/blog/enterprise/preparing-for-uefi-bootkits-eset-discovery-shows-the-importance-of-cyber-intelligence/
- https://www.kb.cert.org/vuls/id/529659
- https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/
Frequently Asked Questions
What is the severity of CVE-2024-7344?
CVE-2024-7344 is classified as a high-severity vulnerability impacting UEFI secure boot.
How do I fix CVE-2024-7344?
To fix CVE-2024-7344, you must apply the security updates provided by Microsoft for the affected Windows products.
Which products are affected by CVE-2024-7344?
CVE-2024-7344 affects several versions of Windows, including Windows 10, Windows 11, and Windows Server 2016, 2019, 2022, and 2025.
What kind of attacks can CVE-2024-7344 enable?
CVE-2024-7344 can enable attackers to bypass secure boot mechanisms, potentially leading to the installation of malicious boot kits.
How can I determine if my system is vulnerable to CVE-2024-7344?
You can determine if your system is vulnerable to CVE-2024-7344 by checking if it is running a version of Windows listed as affected and verifying if the security updates have been applied.
- agent/title
- agent/weakness
- agent/type
- agent/author
- collector/msrc-cve
- source/Microsoft
- agent/description
- agent/first-publish-date
- agent/software-canonical-lookup
- collector/darkreading
- source/Dark Reading
- alias/CVE-2024-7344
- collector/bleeping-computer
- source/BleepingComputer
- agent/trending
- agent/source
- agent/news-ai
- exploited/true
- agent/remedy
- agent/event
- agent/references
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/software-canonical-lookup-request
- agent/tags
- collector/msrc
- agent/last-modified-date
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- vendor/microsoft
- canonical/microsoft windows 11
- version/microsoft windows 11/22h2
- canonical/microsoft windows server 2025
- canonical/microsoft windows server 2016
- canonical/microsoft windows server 2012 r2
- version/microsoft windows 11/24h2
- canonical/microsoft windows server 2022
- canonical/microsoft windows 10
- version/microsoft windows 10/22h2
- canonical/microsoft windows server 2019
- version/microsoft windows 10/21h2
- version/microsoft windows 10/1809
- version/microsoft windows 10/1607
- version/microsoft windows 11/23h2
- canonical/microsoft windows server 2012 x64
- canonical/microsoft windows server 2022 23h2
- vendor/cs-grp
- canonical/ces neoimpact
- vendor/greenware
- canonical/greenware greenguard
- vendor/howyar
- canonical/howyar sysreturn
- vendor/radix
- canonical/radix smartrecovery
- vendor/sanfong
- canonical/sanfong ez-back system
- vendor/signalcomputer
- canonical/signalcomputer hdd king
- vendor/wasay
- canonical/wasay erecoveryrx