Fedora warned that older Microsoft-signed Shim bootloaders used to start Linux under UEFI Secure Boot can remain trusted long after fixes are available, allowing vulnerable components to load unless their signatures are added to the UEFI DBX revocation list. The warning highlights legacy Shim 0.9 builds from 2016 and ties the risk to CVE-2026-8863 and CVE-2026-10797, which could let attackers bypass Secure Boot protections on systems still relying on outdated binaries.
Fedora said an updated Shim with additional protections is already present in Rawhide for Fedora 45, while Microsoft is expected to enforce broader revocations through the UEFI DBX. Users were urged to verify whether Secure Boot systems still depend on old Microsoft-signed Shim binaries and to update affected components, with older platforms such as RHEL 7.2, CentOS 7.2, Oracle Linux 7.2, ROSA Linux R10/R9, and some openSUSE installations identified as potentially exposed.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
5 events from the most recent confirmed update back to the earliest known activity.
Fedora warned users that vulnerable or outdated Microsoft-signed Shim bootloaders may still be trusted under UEFI Secure Boot until their signatures are added to the DBX revocation list. Users were advised to verify Secure Boot state, inspect installed Shim signatures, and apply firmware-related updates.
The references report that Fedora Rawhide, the development branch for Fedora 45, includes an updated Shim intended to address the Secure Boot issues. Fedora presented this as a mitigation ahead of broader revocation of vulnerable older Shim builds.
Fedora warned that the previously announced Microsoft revocation affecting older Shim bootloaders is expected to be enforced around June 2025. Once enforced through the UEFI DBX, affected systems relying on old Microsoft-signed Shim binaries could be impacted.
One reference says a Secure Boot-related revocation process was previously announced by Microsoft in 2023. This process distributes revocations through the UEFI DBX for vulnerable boot components such as outdated Shim binaries.
The references state that the legacy Shim 0.9 build from 2016 is affected by Secure Boot bypass issues later tracked as CVE-2026-8863 and CVE-2026-10797. Older distributions using this Microsoft-signed Shim build may remain exposed until its signature is revoked in the UEFI DBX.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
3 references tracked. Mallory keeps watching after this page renders.
fedoramagazine.org
Open sourceopennet.ru
Open sourceopennet.me
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.