Security News > 2023 > March > It's official: BlackLotus malware can bypass Secure Boot on Windows machines

It's official: BlackLotus malware can bypass Secure Boot on Windows machines
2023-03-01 21:30

BlackLotus, a UEFI bootkit that's sold on hacking forums for about $5,000, can now bypass Secure Boot, making it the first known malware to run on Windows systems even with the firmware security feature enabled.

Secure Boot is supposed to prevent devices from running unauthorized software on Microsoft machines.

In research published today, ESET malware analyst Martin Smolár, says the myth of an in-the-wild bootkit bypassing secure boot "Is now a reality," as opposed to the usual slew of fake ads by criminals attempting to scam their fellow miscreants.

The latest malware "Is capable of running on even fully-up-to-date Windows 11 systems with UEFI Secure Boot enabled," he added.

BlackLotus exploits a more than one-year-old vulnerability, CVE-2022-21894, to bypass the secure boot process and establish persistence.

The bootkit research follows UEFI vulnerabilities in Lenovo laptops that ESET discovered last spring, which, among other things, allow attackers to disable secure boot.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/03/01/blacklotus_malware_eset/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-01-11 CVE-2022-21894 Unspecified vulnerability in Microsoft products
Secure Boot Security Feature Bypass Vulnerability
0.0