Unbiased AI-powered news
ESET researchers identified 11 defective shim binaries signed by Microsoft that remained trusted for up to 13 years. The firm reported the issue to CERT and Microsoft, which revoked the shims in its June update.
Ars TechnicaESET researchers found 11 firmware images, at least one dating to 2013, that Microsoft had signed but never revoked after defects were identified. The images, known as shims, were created to extend Secure Boot to Linux distributions and third-party utilities.
The shims allow an attacker with physical access to load unsigned code during the boot process on both Windows and Linux systems. ESET stated that no new vulnerability is required; possession of an unrevoked shim binary is sufficient to bypass the protection.
How the revocation gap occurred Microsoft oversees the signing of shims and maintains revocation lists through the db and dbx databases. When space constraints made full listing impractical, the company adopted version-based revocation methods such as SBAT and Secure Boot SVN.
The 11 shims predate these mechanisms or contain code that does not enforce them. Microsoft revoked the binaries in its June monthly update after ESET notified CERT.
Scope of affected systems Windows users who installed the June update are no longer exposed. Linux users can verify revocation status through the Linux Vendor Firmware Service or the uefi-dbx-audit script. ESET noted that the lapse leaves open the possibility that attackers could have installed persistent bootkits on affected devices for more than a decade.
Single source — no framing comparison available.
forbes.comUnder Secretary Jeffery Kessler told a congressional hearing on July 15, 2025, that very few H200 AI chips reached China and Hong Kong. Licenses were issued earlier in 2025 after a December 2024 statement by President Trump on revenue sharing.
sbs.com.auTwenty-six current and former Meta employees filed a federal lawsuit Monday alleging the company used AI systems to select workers for its May layoffs in a way that penalized those on protected leave. The plaintiffs seek to block their July 22 terminations and request an audit of…
YonhapApple is in early talks with PrismML about technology that shrinks large AI models enough to run on iPhones. The Caltech spinout released compressed versions of Alibaba's Qwen model this week.