Security News > 2023 > April > Patch Tuesday: Microsoft fixes a zero-day, and two curious bugs that take the Secure out of Secure Boot

Two Critical bugs in particular grabbed our interest.

The last two bugs that intrigued us were CVE-2023-28249 and CVE-2023-28269, both listed under the headline Windows Boot Manager Security Feature Bypass Vulnerability.

An attacker who successfully exploited could bypass Secure Boot to run unauthorized code.

Ironically, the main purpose of the much-vaunted Secure Boot system is that it's supposed to help you keep your computer on a strict and unwavering path from the time you turn it on to the point that Windows takes control.

Secure Boot is supposed to stop attackers who steal your computer from injecting any booby-trapped code that could modify or subvert the initial startup process itself, a trick that's known in the jargon as a bootkit.

With one zero-day already being exploited by criminals, two high-CVSS-score Critical bugs that could lead to remote malware implantation, and two bugs that could remove the Secure from Secure Boot, why delay? Just do it today! Read the SophosLabs report that looks at this month's patches more broadly.

News URL

https://nakedsecurity.sophos.com/2023/04/12/microsoft-fixes-a-zero-day-and-two-curious-bugs-that-take-the-secure-out-of-secure-boot/