Forgotten Shims: How 11 Old Microsoft-Signed Files Break Secure Boot
ESET Research found 11 old UEFI shim bootloaders, all validly signed by Microsoft, that bypass Secure Boot on any system trusting Microsoft's third-party CA. CVE-2026-8863 and CVE-2026-10797 — no exploit chain required.