PT-2025-1110 · Howyar +1 · Howyar UEFI Application "Reloader" +1

Martin Smolar +1 · Published 2025-01-14 · Updated 2025-09-13 · CVE-2024-7344

CVSS v3.1: 8.2
Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

**Name of the Vulnerable Software and Affected Versions:**

Howyar UEFI Application "Reloader" (32-bit and 64-bit)

Greenware GreenGuard versions prior to 10.2.023-20240927

Radix SmartRecovery versions prior to 11.2.023-20240927

Sanfong EZ-back versions prior to 10.3.024-20241127

WASAY eRecoveryRX versions prior to 8.4.022-20241127

CES NeoImpact versions prior to 10.1.024-20241127

SignalComputer HDD King versions prior to 10.3.021-20241127

Howyar SysReturn versions prior to 10.2.023 20240919

**Description:**

A vulnerability exists in the Howyar UEFI Application "Reloader" and several recovery tools that use it, allowing the execution of unsigned software from a hardcoded path. This bypasses UEFI Secure Boot protections, potentially enabling the deployment of malicious bootkits. The vulnerability resides in a UEFI application signed by Microsoft's "Microsoft Corporation UEFI CA 2011" third-party UEFI certificate. Exploitation involves replacing the default OS bootloader with a malicious UEFI application and placing a malicious file in a specific location. HybridPetya ransomware has been observed leveraging this vulnerability (CVE-2024-7344) to bypass Secure Boot and encrypt the NTFS Master File Table. While no widespread attacks have been reported, the sophistication of HybridPetya suggests a high potential for real-world exploitation.

**Recommendations:**

Howyar UEFI Application "Reloader" (32-bit and 64-bit): Update to a newer version.

Greenware GreenGuard: Update to version 10.2.023-20240927 or later.

Radix SmartRecovery: Update to version 11.2.023-20240927 or later.

Sanfong EZ-back: Update to version 10.3.024-20241127 or later.

WASAY eRecoveryRX: Update to version 8.4.022-20241127 or later.

CES NeoImpact: Update to version 10.1.024-20241127 or later.

SignalComputer HDD King: Update to version 10.3.021-20241127 or later.

Howyar SysReturn: Update to version 10.2.023 20240919 or later.

Exploit

Fix

Weakness Enumeration: Improper Verification of Cryptographic Signature

Related Identifiers

BDU:2025-00366
CVE-2024-7344

Affected Products

Howyar UEFI Application "Reloader"
Windows