Elyse Betters Picaro / ZDNET
Windows users who don’t always install the updates rolled out by Microsoft each month for Patch Tuesday will want to install the ones for June. That’s because the latest round of patches fixes a flaw that could allow an attacker to control your PC through bootkit malware.
Designated as CVE-2025-3052, the Secure Boot bypass flaw is a serious one, according to Binarly security researcher Alex Matrosov, who discovered the vulnerability. In a Binarly blog post published Tuesday, he described the problem as a memory corruption issue that exploits Microsoft’s Secure Boot.
Also: Massive data breach exposes 184 million passwords for Google, Microsoft, Facebook, and more
“Attackers can exploit this vulnerability to run unsigned code during the boot process, effectively bypassing Secure Boot and compromising the system’s chain of trust,” Matrosov said. “Because the attacker’s code executes before the operating system even loads, it opens the door for attackers to install bootkits and undermine OS-level security defenses.”
Crafty and dangerous malware
Bootkit malware is especially crafty and dangerous. By running before your PC boots up, it’s able to skirt past your usual security protection and evade detection. Plus, such malware can allow attackers to control your PC, infect it with additional malware, or even access your confidential information.
The irony here is that Microsoft implemented Secure Boot on Windows PCs specifically to prevent malware from loading during the boot-up process. This security feature has been available on PCs that use Unified Extensible Firmware Interface (UEFI) firmware as a more modern replacement for the older BIOS firmware.
Also: Apple, Google, and Microsoft offer free password managers – but should you use them?
In this case, however, the flaw lets an attacker bypass Secure Boot by signing a vulnerable UEFI application with Microsoft’s third-party certificates, essentially giving it carte blanche to run. Though the flaw itself has not been exploited in the wild, the vulnerable application has been around since late 2022, and was uploaded to the VirusTotal security site, which is where Matrosov discovered it.
How to protect your PC
Fortunately, Microsoft has patched the flaw. In Windows 10 or 11, head to Settings, select Windows Update, and then download the latest updates. After rebooting, your PC will be protected.
Also: You can try Windows 11’s newest Start menu now – here’s how
June’s Patch Tuesday rollout fixes a number of other weaknesses, 66 in total, with nine rated as critical. One is a second Secure Boot flaw identified as CVE-2025-4275, while another is a zero-day vulnerability listed as CVE-2025-33053.
Get the morning’s top stories in your inbox each day with our Tech Today newsletter.
