Medium

CryptoPro Secure Disk Boot Loader Secure Boot Bypass

IdentifiersCVE-2022-34301CWE-693

A flaw was found in CryptoPro Secure Disk bootloaders released before 2022-06-01 that allows Secure Boot protections to be bypassed. The vulnerable bootloader is signed and therefore trusted in Secure Boot environments, but it can be abused to load and execute arbitrary code during the pre-boot phase. According to the provided content, exploitation is achieved by replacing the currently used signed bootloader with the vulnerable CryptoPro bootloader and then using its EFI shell-related functionality to bypass Secure Boot enforcement. This is a boot chain trust failure in which a legitimately signed third-party UEFI component can be used to subvert platform boot integrity.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows an attacker to bypass or tamper with Secure Boot protections and execute arbitrary code before the operating system loads. Because this occurs in the pre-boot stage, the attacker can undermine the integrity of the boot chain, potentially disable downstream security controls, and establish highly privileged persistence below the OS. The compromise can make a system appear to boot normally while its firmware or boot process has been subverted.

Mitigation

If you can’t patch tonight, do this now.

Restrict attacker ability to modify the EFI System Partition or boot from external media, since the provided content states ESP access is required for booting using external media. Deploy Secure Boot DBX revocation updates, enforce firmware/BIOS passwords, limit physical access, disable or tightly control alternate boot paths and removable-media boot where operationally feasible, and monitor for unauthorized changes to boot components. Where possible, use updated firmware and bootloader trust policies that revoke known-vulnerable signed UEFI components.

Remediation

Patch, then assume compromise.

Apply vendor and platform revocation updates that block the vulnerable bootloader. The provided content specifically references Microsoft's Secure Boot DBX update KB5012170 as the mitigation associated with CVE-2022-34301, and notes that administrators should ensure the latest servicing stack update is installed before deploying it. Administrators should also follow Microsoft guidance in KB5016061 for addressing vulnerable and revoked Boot Managers. In addition, replace or remove vulnerable CryptoPro Secure Disk bootloaders issued before 2022-06-01 so they are no longer present or usable in the environment.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

CryptoproSecure Diskapplication

KidanCryptopro Securedisk For Bitlockeroperating_system

Microsoft CorporationWindows 10operating_system

Microsoft CorporationWindows 11operating_system

Microsoft CorporationWindows 8.1operating_system

Microsoft CorporationWindows Rt 8.1operating_system

Microsoft CorporationWindows Server 2012operating_system

Microsoft CorporationWindows Server 2016operating_system

Microsoft CorporationWindows Server 2019operating_system

Microsoft CorporationWindows Server 2022operating_system

Red HatEnterprise Linuxoperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

3 SOURCESView more in app

microsoft supportNews

Jan 1, 2026

KB5012170: Security update for Secure Boot DBX - Microsoft Support

A Secure Boot-related boot loader bypass vulnerability involving the Eurosoft boot loader, addressed via Secure Boot DBX updates.

eclypsium blogNews

Oct 14, 2025

BombShell: The Signed Backdoor Hiding in Plain Sight on Framework Devices

A vulnerability in third-party UEFI bootloaders signed by Microsoft allows attackers to bypass Secure Boot, undermining the boot process security.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2022-34301

NVD

nvd.nist.gov/vuln/detail/CVE-2022-34301

MITRE CWE · CWE-693

cwe.mitre.org

Third Party Advisory

edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot

Third Party Advisory

kb.cert.org/vuls/id/309662

intel.com

intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html