It's official: BlackLotus malware can bypass Secure Boot on Windows machines

BlackLotus, a UEFI bootkit sold on hacking forums for about $5,000, can now bypass Secure Boot, making it the first known malware to run on Windows systems even with that firmware security feature enabled.
Secure Boot is supposed to prevent a machine from loading unauthorized software (bootloaders, drivers and OS components that are not signed by a trusted key) during startup.
In research published today, ESET malware analyst Martin Smolár says the myth of an in-the-wild bootkit bypassing Secure Boot "is now a reality," as opposed to the usual slew of fake ads by criminals attempting to scam their fellow miscreants.
The latest malware "is capable of running on even fully up-to-date Windows 11 systems with UEFI Secure Boot enabled," he added.
BlackLotus exploits a more than one-year-old vulnerability, CVE-2022-21894, to bypass the Secure Boot process and establish persistence. Because the bootkit runs before the operating system loads, a patched OS alone does not stop it; the vulnerable, still-trusted signed boot components have to be revoked by the firmware for the bypass to be closed.
The bootkit research follows UEFI vulnerabilities in Lenovo laptops that ESET discovered last spring, which, among other things, allow attackers to disable Secure Boot.
News URL: https://go.theregister.com/feed/www.theregister.com/2023/03/01/blacklotus_malware_eset/
Related Vulnerability

| Date | CVE | Vulnerability title | Risk |
|---|---|---|---|
| 2022-01-11 | CVE-2022-21894 | Secure Boot Security Feature Bypass Vulnerability (unspecified vulnerability in Microsoft products) | 0.0 |