all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Shim Shady (CVE-2023-40527): A Bootloader Vulnerability Story

Add to bookmarks
Feb. 9, 2024, 1:10 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Unveiling CVE-2023-40547 – Safeguarding Systems from Critical Shim Vulnerability


A vulnerability tracked as CVE-2023-40547 impacts shim, a critical piece of software used by most Linux distributions to support UEFI Secure Boot.


Discovered and reported by Bill Demirkapi at Microsoft’s Security Response Center, this particular vulnerability stems from HTTP protocol handling, leading to an out-of-bounds write and potentially complete system compromise.


Register Now >


The post Shim Shady (CVE-2023-40527): A Bootloader Vulnerability Story appeared first on Eclypsium | Supply Chain Security …

bill bill demirkapi boot bootloader center critical cve cve-2023-40547 demirkapi distributions handling http linux linux distributions microsoft piece protocol response secure boot security shim software story support systems uefi vulnerability

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Sintesi riepilogativa delle campagne malevole nella settimana del 27 Aprile – 3 Maggio 2024 an hour ago | malware.news
cert con cui dei +2
Malware Simulators cannot test Antivirus Software 12 hours ago | malware.news
malware analysis topic
Ready2Run - Is dnSpy dead? 12 hours ago | malware.news
malware analysis topic
Security above all else—expanding Microsoft’s Secure Future Initiative 15 hours ago | malware.news
cyberattacks cybersecurity future high +11
FBI warns of email spoofing by North Korean threat actor Kimsuky 18 hours ago | malware.news
actor article dmarc domains +16
You get a passkey, you get a passkey, everyone should get a passkey 22 hours ago | malware.news
accounts can consumer cracked +10
Attackers evade detection by leveraging Microsoft Graph API 22 hours ago | malware.news
api article attackers cloud +15
Weird Al, Docker, OT, Gitlab, Credit Monitoring, Dropbox, Cisco, AI, Aaran Leyland... - SWN #383 23 hours ago | malware.news
article cisco credit credit monitoring +8
Code faster with generative AI, but beware the risks when you do 23 hours ago | malware.news
article can code coding +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

IT Security Manager

@ Timocom GmbH | Erkrath, Germany
View on infosec-jobs.com

Cybersecurity Service Engineer

@ Motorola Solutions | Singapore, Singapore
View on infosec-jobs.com

Sr Cybersecurity Vulnerability Specialist

@ Health Care Service Corporation | Chicago Illinois HQ (300 E. Randolph Street)
View on infosec-jobs.com

Associate, Info Security (SOC) analyst

@ Evolent | Pune
View on infosec-jobs.com

Public Cloud Development Security and Operations (DevSecOps) Manager

@ Danske Bank | Copenhagen K, Denmark
View on infosec-jobs.com

Cybersecurity Risk Analyst IV

@ Computer Task Group, Inc | United States
View on infosec-jobs.com
View more jobs