There is something going on w/r/t UEFI Secure Boot keys and Kaspersky.
1. Sign Kaspersky UEFI Rootkit (oops, “loader”) even though this wasn’t what the program was meant for, putting *everyone* at risk thanks to the DB policy.
2. Finally release revocation (thanks @int0x6)
3. Pull back the release and indicate you won’t offer it anymore.
FFS MSFT… https://t.co/cNHoPH2SP9
— Alex Ionescu (@aionescu) February 15, 2020
Microsoft has revoked Kaspersky vulnerable UEFI bootloader which could be used to circumvent Secure Boot. The update adds bootloader hash to dbx list, distributed via Windows Update. No dbx updates from UEFI Forum yet. https://t.co/IIKkf6UHN6 https://t.co/I3wtCAxZ2d
— ValdikSS (@ValdikSS) February 14, 2020
It took Microsoft more than 10 months to revoke the file. UEFI Forum stopped responding to my emails long ago.
This update introduced boot problems on some HP motherboards: https://t.co/IrmKS3xPHY https://t.co/mJXhzQ2da6
At least 2 other vuln bootloaders exist, not revoked.
— ValdikSS (@ValdikSS) February 14, 2020
good news they revoke one, bad news it’s not a single case of supply chain complexity problems
— Alex Matrosov (@matrosov) February 16, 2020
I wish I could clarify the issue better, but for now it is just a bunch of tweets…