Exploiting signed bootloaders to circumvent UEFI Secure Boot

[ValdikSS]

As for 3 June, the bootloader is still not revoked, UEFI forum replied that the information had been sent to security team at first (I've prepared all the information and a minimal vulnerable disk image), but then stopped replying after 7 May.

[ValdikSS]

Microsoft released Windows 10 update KB4524244 on 11.02.2020, which revokes Kaspersky bootloader (adds its hash to UEFI dbx), but on 15.02.2020 revoked the update since it brought issues to several HP motherboards:
thewincentral.com/windows-10-updates-kb4532693-kb4524244-causing-many-issues-report-users
h30434.www3.hp.com/t5/Business-Notebooks/KB4524244-cause-certain-HP-computers-to-hang-and-even-brick/td-p/7471459

More information on Windows website:
docs.microsoft.com/en-us/windows/release-information/status-windows-10-1909#392msgdesc

Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update.

Microsoft revoked the following hashes in this update:

{microsoft} {sha256} 81d8fb4c9e2e7a8225656b4b8273b7cba4b03ef2e9eb20e0a0291624eca1ba86
{microsoft} {sha256} b92af298dc08049b78c77492d6551b710cd72aada3d77be54609e43278ef6e4d
{microsoft} {sha256} e19dae83c02e6f281358d4ebd11d7723b4f5ea0e357907d5443decc5f93c1e9d
{microsoft} {sha256} 39dbc2288ef44b5f95332cb777e31103e840dba680634aa806f5c9b100061802
{microsoft} {sha256} 32f5940ca29dd812a2c145e6fc89646628ffcc7c7a42cae512337d8d29c40bbd
{microsoft} {sha256} 10d45fcba396aef3153ee8f6ecae58afe8476a280a2026fc71f6217dcf49ba2f

One of which is Kaspersky Rescue Disk vulnerable bootloader (bootx64.efi) hash.
BOOTX64.EFI 81d8fb4c9e2e7a8225656b4b8273b7cba4b03ef2e9eb20e0a0291624eca1ba86
Others are unknown, but confirmed not to include other vulnerable non-disclosed boot loaders.

[ValdikSS]

UEFI Forum has updated dbx list on their website. Kaspersky's BOOTX64.EFI is #30.

30: {microsoft} {sha256} 81d8fb4c9e2e7a8225656b4b8273b7cba4b03ef2e9eb20e0a0291624eca1ba86