Security News > 2023 > May > Microsoft fixes Secure Boot zero-day used by BlackLotus UEFI malware

Microsoft fixes Secure Boot zero-day used by BlackLotus UEFI malware
2023-05-09 18:45

Microsoft has released security updates to address a Secure Boot zero-day vulnerability exploited by BlackLotus UEFI malware to infect fully patched Windows systems.

According to a Microsoft Security Response Center blog post, the security flaw was used to bypass patches released for CVE-2022-21894, another Secure Boot bug abused in BlackLotus attacks last year.

"Microsoft is releasing CVE-2023-24932, and associated configuration guidance, to address a Secure Boot bypass vulnerability used by the BlackLotus bootkit to exploit CVE-2022-21894," the company said.

Secure Boot is toggled on if you see a "Secure Boot State ON" message on the left side of the window after selecting "System Summary."

While the security updates released today by Redmond contain a Windows boot manager fix, they are disabled by default and will not remove the attack vector exploited in BlackLotus attacks.

"Once the mitigation for this issue is enabled on a device, meaning the revocations have been applied, it cannot be reverted if you continue to use Secure Boot on that device," Microsoft said.


News URL

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-secure-boot-zero-day-used-by-blacklotus-uefi-malware/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-05-09 CVE-2023-24932 Unspecified vulnerability in Microsoft products
Secure Boot Security Feature Bypass Vulnerability
local
low complexity
microsoft
6.7
2022-01-11 CVE-2022-21894 Unspecified vulnerability in Microsoft products
Secure Boot Security Feature Bypass Vulnerability
local
low complexity
microsoft
4.4

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 687 792 4557 4370 3656 13375