DT Research has been closely monitoring critical security issues related to Secure Boot—an industry-wide system that ensures devices only load secure software when booting. We ensure cybersecurity is embedded into device design by collaborating closely with major technology manufacturers like Microsoft and Intel.
CVE-2025-3052 was discovered in the tool intended to run on DT Research rugged tablets. It was discovered that data from NVRAM can be modified so that a second binary could be loaded, enabling attackers to bypass Secure Boot protections and install malware before the operating system loads. For context, DT Research’s BIOS tools have never been made available to the public and are only given to trusted partners.
Exploit Identified
Issue Addressed
DT Research was made aware of this issue in April and quickly identified the affected BIOS tools for Microsoft to blacklist. Microsoft then quickly released a patch addressing the issue (KB5060842 for Windows 11, KN5060533 for Windows 10), blocking the ability to exploit Secure Boot. Fourteen new hashes have been put in place as a result. To see the complete list of patches, see Table 1 below for details.
We have already verified that all of our systems are able to be updated to the latest firmware that includes this fix, and have taken extra precautions to prevent this kind of issue from putting our customers at risk going forward.
The new BIOS tool (version 81.03 or greater) was released to fix DT’s vulnerability, which will only be signed by DT Research and no longer by Microsoft. We have urged our customers to update their systems as soon as possible and made sure that all devices shipped after June 10thinclude the new firmware with the patch update.
Scheduling Updates
If your system(s) have automatic updates enabled, you are likely already protected. For customers who disable automatic updates for uninterrupted operation, it is important to create a schedule for regular updates so that your system(s) stay up to date, as new security issues are regularly discovered.
1. Make sure your system is up to date. Install any pending updates from June 2025 or later to be on the latest firmware. System updates are critical in addressing security issues and preventing potential attacks.
2. Turn on and/or schedule auto updates. This way, your system will regularly install the latest firmware to patch vulnerabilities.
3. Monitor your devices and networks for unusual activity to detect threats early. Implement strong access controls and perform security assessments regularly to identify and address vulnerabilities.
Table 1: Complete List of Patches
| Article | Product |
| 5060118 | Windows Server 2022, 23H2 Edition (Server Core installation) |
| 5060525 | Windows Server 2022 (Server Core installation) |
| 5060525 | Windows Server 2022 |
| 5060526 | Windows Server 2022 (Server Core installation) |
| 5060526 | Windows Server 2022 |
| 5060531 | Windows Server 2019 (Server Core installation) |
| 5060531 | Windows Server 2019 |
| 5060531 | Windows 10 Version 1809 for x64-based Systems |
| 5060531 | Windows 10 Version 1809 for 32-bit Systems |
| 5060533 | Windows 10 Version 22H2 for 32-bit Systems |
| 5060533 | Windows 10 Version 22H2 for ARM64-based Systems |
| 5060533 | Windows 10 Version 22H2 for x64-based Systems |
| 5060533 | Windows 10 Version 21H2 for x64-based Systems |
| 5060533 | Windows 10 Version 21H2 for ARM64-based Systems |
| 5060533 | Windows 10 Version 21H2 for 32-bit Systems |
| 5060841 | Windows Server 2025 |
| 5060841 | Windows 11 Version 24H2 for x64-based Systems |
| 5060841 | Windows 11 Version 24H2 for ARM64-based Systems |
| 5060841 | Windows Server 2025 (Server Core installation) |
| 5060842 | Windows Server 2025 |
| 5060842 | Windows 11 Version 24H2 for x64-based Systems |
| 5060842 | Windows 11 Version 24H2 for ARM64-based Systems |
| 5060842 | Windows Server 2025 (Server Core installation) |
| 5060998 | Windows 10 for x64-based Systems |
| 5060998 | Windows 10 for 32-bit Systems |
| 5060999 | Windows 11 Version 23H2 for x64-based Systems |
| 5060999 | Windows 11 Version 23H2 for ARM64-based Systems |
| 5060999 | Windows 11 Version 22H2 for x64-based Systems |
| 5060999 | Windows 11 Version 22H2 for ARM64-based Systems |
| 5061010 | Windows Server 2016 (Server Core installation) |
| 5061010 | Windows Server 2016 |
| 5061010 | Windows 10 Version 1607 for x64-based Systems |
| 5061010 | Windows 10 Version 1607 for 32-bit Systems |
| 5061018 | Windows Server 2012 R2 (Server Core installation) |
| 5061018 | Windows Server 2012 R2 |
| 5061059 | Windows Server 2012 (Server Core installation) |
| 5061059 | Windows Server 2012 |
Sources:
1. https://binarly-io.webflow.io/advisories/brly-dva-2025-001
2. https://www.binarly.io/blog/another-crack-in-the-chain-of-trust
3. https://www.ghacks.net/2025/06/10/microsoft-windows-security-updates-for-june2025-are-now-available/