Microsoft has released its June Patch Tuesday updates, addressing a critical vulnerability in Windows PCs that could allow attackers to bypass Secure Boot and install bootkits.
The flaw, identified as CVE-2025-3052, is a memory corruption issue that exploits Microsoft’s Secure Boot feature. Discovered by Binarly security researcher Alex Matrosov, the vulnerability is considered serious due to its potential to compromise system security at a fundamental level.
Matrosov explained, “Attackers can exploit this vulnerability to run unsigned code during the boot process, effectively bypassing Secure Boot and compromising the system’s chain of trust. Because the attacker’s code executes before the operating system even loads, it opens the door for attackers to install bootkits and undermine OS-level security defenses.”
Bootkit malware is particularly dangerous as it runs before the operating system boots, allowing it to evade detection by standard security software. If successfully installed, bootkits can grant attackers full control of a PC, enable the installation of other malicious software, or facilitate access to confidential information.
Ironically, Microsoft implemented Secure Boot on Windows PCs precisely to prevent malware from loading during the boot-up process. This security feature is standard on modern PCs utilizing UEFI firmware, which replaced the older BIOS firmware.
The vulnerability allows an attacker to circumvent Secure Boot by signing a vulnerable UEFI application using Microsoft’s third-party certificates. This grants the unsigned code the ability to execute with elevated privileges during startup.
While the flaw itself has not been observed being actively exploited in the wild, the vulnerable application has been available since late 2022. Matrosov discovered the application on the VirusTotal security analysis website.
To mitigate the risk, Windows users are urged to install the latest updates. The process involves navigating to Settings, selecting Windows Update, and downloading the available patches. A reboot after installation will ensure the PC is protected.
June’s Patch Tuesday addresses a total of 66 security weaknesses across various Microsoft products, with nine of these rated as critical. In addition to CVE-2025-3052, another Secure Boot flaw, identified as CVE-2025-4275, was also patched. The updates also address a zero-day vulnerability listed as CVE-2025-33053.
