**Name of the Vulnerable Software and Affected Versions:**
Howyar UEFI Application "Reloader" (32-bit and 64-bit)
**Description:**
A vulnerability exists in the Howyar UEFI Application "Reloader" that allows for the execution of unsigned software from a hardcoded path. This flaw, tracked as CVE-2024-7344, bypasses UEFI Secure Boot protections, potentially enabling the deployment of malicious bootkits. The vulnerability resides in a UEFI application signed by Microsoft's "Microsoft Corporation UEFI CA 2011" third-party UEFI certificate. A new ransomware strain, HybridPetya, has been discovered exploiting this vulnerability to compromise systems, encrypting the NTFS Master File Table (MFT) and demanding a ransom. While HybridPetya has not yet been observed in widespread attacks, its capabilities pose a significant threat.
**Recommendations:**
Apply the January 2025 UEFI revocation update.
Check for the presence of the `cloak.dat` file.
Rotate Secure Boot keys if necessary.
Apply updates for CVE-2024-7344.
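
One way to carry out the `cloak.dat` check from the recommendations, as an added example that is not part of the original advisory: it walks a mounted EFI System Partition, matches the name case-insensitively (the ESP is FAT), and records the size, SHA-256 and neighbouring `.efi` files for each hit. The default mount point `/boot/efi` and the function names are assumptions.

```python
import hashlib
import os
import sys

TARGET_NAME = "cloak.dat"  # file name taken from the advisory


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_cloak_files(esp_root):
    """Walk a mounted EFI System Partition and report every cloak.dat.

    The ESP is FAT, so names are matched case-insensitively. For each hit
    the .efi binaries in the same directory are listed too, so the analyst
    can see which loader sits next to the file.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(esp_root):
        for name in filenames:
            if name.lower() != TARGET_NAME:
                continue
            full_path = os.path.join(dirpath, name)
            findings.append({
                "path": full_path,
                "size": os.path.getsize(full_path),
                "sha256": sha256_of(full_path),
                "sibling_efi": sorted(
                    f for f in filenames if f.lower().endswith(".efi")
                ),
            })
    return sorted(findings, key=lambda item: item["path"])


if __name__ == "__main__":
    # Assumption: the ESP is mounted at the path given as the first
    # argument (for example /boot/efi on many Linux systems).
    root = sys.argv[1] if len(sys.argv) > 1 else "/boot/efi"
    hits = find_cloak_files(root)
    for hit in hits:
        print(f"{hit['path']}  size={hit['size']}  sha256={hit['sha256']}")
        print(f"  .efi files in same directory: {hit['sibling_efi']}")
    sys.exit(1 if hits else 0)
```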