Medium

New Horizon Data Systems Boot Loader Bypass

IdentifiersCVE-2022-34302CWE-347

A Secure Boot bypass vulnerability exists in New Horizon Datasys bootloaders released before 2022-06-01. The affected bootloader is signed and therefore trusted by UEFI Secure Boot, but it is inherently vulnerable in a way that allows an attacker to replace the legitimate signed bootloader with the New Horizon bootloader and then load and execute arbitrary code during the pre-boot phase. Because the vulnerable bootloader remains accepted by Secure Boot, it can be used to tamper with or bypass Secure Boot protections despite signature validation succeeding. The issue is part of the set of third-party UEFI bootloader bypasses addressed by Microsoft through Secure Boot DBX revocation updates, including KB5012170.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows an attacker to defeat Secure Boot’s intended trust guarantees and execute arbitrary code before the operating system loads. This can enable pre-OS compromise, tampering with the boot chain, deployment of bootkits, persistence across reboots, evasion of OS-level security controls, and establishment of a trusted-looking but compromised boot environment. Because the vulnerable component is signed and accepted by Secure Boot prior to revocation, the attack undermines platform integrity rather than merely causing a boot failure.

Mitigation

If you can’t patch tonight, do this now.

Restrict write access to the EFI System Partition and prevent unauthorized bootloader replacement. Disable or tightly control booting from external media where operationally feasible. Protect firmware settings with strong BIOS/UEFI passwords, monitor for unauthorized changes to boot components, and deploy Secure Boot DBX revocation updates promptly. Where possible, use platform-specific controls such as custom Secure Boot keys and firmware integrity monitoring to reduce exposure to signed-but-vulnerable boot components.

Remediation

Patch, then assume compromise.

Apply Microsoft’s Secure Boot DBX update that revokes the vulnerable third-party bootloader, specifically the protections delivered via KB5012170 and subsequent related servicing updates on supported Windows platforms. Ensure the latest required Servicing Stack Update is installed before deploying the DBX update. Follow vendor guidance for any firmware or boot-manager updates associated with revocation handling, and replace any affected New Horizon Datasys bootloader binaries with non-vulnerable versions issued after 2022-06-01 if available from the vendor.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

HorizondatasysUefi Bootloaderoperating_system

Microsoft CorporationWindows 10operating_system

Microsoft CorporationWindows 11operating_system

Microsoft CorporationWindows 8.1operating_system

Microsoft CorporationWindows Rt 8.1operating_system

Microsoft CorporationWindows Server 2012operating_system

Microsoft CorporationWindows Server 2016operating_system

Microsoft CorporationWindows Server 2019operating_system

Microsoft CorporationWindows Server 2022operating_system

Red HatEnterprise Linuxoperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

3 SOURCESView more in app

microsoft supportNews

Jan 1, 2026

KB5012170: Security update for Secure Boot DBX - Microsoft Support

A Secure Boot-related boot loader bypass vulnerability involving the New Horizon Data Systems Inc boot loader, addressed via Secure Boot DBX updates.

eclypsium blogNews

Oct 14, 2025

BombShell: The Signed Backdoor Hiding in Plain Sight on Framework Devices

A vulnerability in third-party UEFI bootloaders signed by Microsoft allows attackers to bypass Secure Boot, undermining the boot process security.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2022-34302

NVD

nvd.nist.gov/vuln/detail/CVE-2022-34302

MITRE CWE · CWE-347

cwe.mitre.org

Third Party Advisory

edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot

Third Party Advisory

kb.cert.org/vuls/id/309662

intel.com

intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html