CVE-2024-7344

8.2 HIGH

📋 TL;DR

CVE-2024-7344 is a vulnerability in Howyar UEFI Application 'Reloader' that allows execution of unsigned software from a hardcoded path, bypassing Secure Boot protections. This affects systems using the vulnerable Howyar UEFI application, potentially allowing attackers to load malicious boot components. The vulnerability impacts both 32-bit and 64-bit versions of the application.

💻 Affected Systems

Products:
  • Howyar UEFI Application 'Reloader'
Versions: All versions prior to patched release
Operating Systems: Any OS booting via UEFI with vulnerable Howyar Reloader
Default Config Vulnerable: ⚠️ Yes
Notes: Affects both 32-bit and 64-bit versions. Requires UEFI boot environment with Secure Boot potentially bypassed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via UEFI bootkit installation, allowing persistent malware that survives OS reinstallation and disk formatting.

🟠 Likely Case

Attackers could load malicious drivers or boot components to establish persistence, steal credentials, or deploy ransomware.

🟢 If Mitigated

With proper Secure Boot enforcement and UEFI revocation lists, the attack surface is reduced but not eliminated if the vulnerable application remains present.

🌐 Internet-Facing: LOW - This vulnerability requires local access or compromise of the boot process; it is not directly exploitable over the internet.
🏢 Internal Only: HIGH - Malicious insiders or attackers with physical/network access could exploit this to establish persistent footholds.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires the ability to write to the hardcoded path and trigger UEFI application execution. Physical access or administrative privileges are typically needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor for specific patched version

Vendor Advisory: https://uefi.org/revocationlistfile

Restart Required: Yes

Instructions:

1. Contact Howyar vendor for patched UEFI firmware/application.
2. Update UEFI firmware following vendor instructions.
3. Update UEFI revocation lists.
4. Reboot system to apply changes.

🔧 Temporary Workarounds

Enable and enforce Secure Boot

all

Ensure Secure Boot is enabled and properly configured to reject unsigned executables

Update UEFI revocation lists

all

Regularly update dbx (UEFI revocation list) to block known vulnerable/malicious components

🧯 If You Can't Patch

  • Disable or remove Howyar Reloader application if not required
  • Implement physical security controls to prevent unauthorized boot device access

🔍 How to Verify

Check if Vulnerable:

Check UEFI firmware for Howyar Reloader presence and version. Use UEFI shell or firmware settings to identify vulnerable component.

Check Version:

System-specific UEFI firmware check commands vary by manufacturer (e.g., dmidecode on Linux, msinfo32 on Windows)

Verify Fix Applied:

Verify UEFI firmware version is updated and Secure Boot properly validates all boot components.
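One way to check the dbx and Secure Boot state on a UEFI-booted Linux host, as an added example that is not part of the original advisory: it parses the `EFI_SIGNATURE_LIST` chain in the dbx variable and reports whether a given Authenticode SHA-256 digest is revoked. The target digest is a placeholder to be filled from the vendor or the UEFI revocation list file, and `sample_dbx` builds constructed test data.

```python
import struct
import uuid
from pathlib import Path

# EFI_CERT_SHA256_GUID (UEFI specification); GUIDs are stored little-endian.
EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFIVARS = Path("/sys/firmware/efi/efivars")
DBX_VAR = EFIVARS / "dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"
SECURE_BOOT_VAR = EFIVARS / "SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"


def dbx_sha256_hashes(blob):
    """Return the SHA-256 digests held in a chain of EFI_SIGNATURE_LISTs."""
    hashes, off = set(), 0
    while off + 28 <= len(blob):
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 or off + list_size > len(blob):
            raise ValueError(f"malformed signature list at offset {off}")
        if sig_type == EFI_CERT_SHA256 and sig_size == 48:
            pos, end = off + 28 + hdr_size, off + list_size
            # Each entry: 16-byte owner GUID followed by the 32-byte digest.
            while pos + sig_size <= end:
                hashes.add(blob[pos + 16:pos + sig_size].hex())
                pos += sig_size
        off += list_size
    return hashes


def is_revoked(blob, authenticode_sha256):
    return authenticode_sha256.lower() in dbx_sha256_hashes(blob)


def sample_dbx(digests):
    """Constructed test data: one SHA-256 signature list, zero owner GUID."""
    body = b"".join(bytes(16) + d for d in digests)
    return EFI_CERT_SHA256.bytes_le + struct.pack("<III", 28 + len(body), 0, 48) + body


if __name__ == "__main__":
    if DBX_VAR.exists():  # live check on a UEFI-booted Linux host
        # efivarfs prefixes each variable with a 4-byte attributes field.
        target = "<authenticode-sha256-of-vulnerable-reloader>"  # placeholder
        print("Secure Boot on:", SECURE_BOOT_VAR.read_bytes()[4:5] == b"\x01")
        print("revoked in dbx:", is_revoked(DBX_VAR.read_bytes()[4:], target))
    else:  # offline demo on constructed data
        d = bytes(range(32))
        print("sample revoked:", is_revoked(sample_dbx([d]), d.hex()))
```

Only SHA-256 signature lists are read; X.509 and other list types are skipped, so a component revoked by certificate will not appear in the result.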

📡 Detection & Monitoring

Log Indicators:

  • UEFI/BIOS update logs
  • Secure Boot violation events
  • Unexpected boot component loading

Network Indicators:

  • Unusual network traffic during boot process
  • UEFI/BIOS update requests from unexpected sources

SIEM Query:

EventID=12 OR EventID=13 (System boot events) combined with Secure Boot failure indicators
