Security News > 2023 > March > BlackLotus Malware Hijacks Windows Secure Boot Process
Researchers have discovered malware that "Can hijack a computer's boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows."
Dubbed BlackLotus, the malware is what's known as a UEFI bootkit.
As a result, the first publicly known UEFI bootkit bypassing the essential platform security feature-UEFI Secure Boot-is now a reality.
In this blogpost we present the first public analysis of this UEFI bootkit, which is capable of running on even fully-up-to-date Windows 11 systems with UEFI Secure Boot enabled.
It's capable of running on the latest, fully patched Windows 11 systems with UEFI Secure Boot enabled.
It exploits a more than one year old vulnerability to bypass UEFI Secure Boot and set up persistence for the bootkit.
News URL
Related news
- FBI wipes Chinese PlugX malware from thousands of Windows PCs in America (source)
- Microsoft fixes Windows Server 2022 bug breaking device boot (source)
- New Microsoft script updates Windows media with bootkit malware fixes (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)