Microsoft issues optional fix for Secure Boot zero-day used by malware
Microsoft has released security updates to address a Secure Boot zero-day vulnerability exploited by BlackLotus UEFI malware to infect fully patched Windows systems.
According to a Microsoft Security Response Center blog post, the security flaw was used to bypass patches released for CVE-2022-21894, another Secure Boot bug abused in BlackLotus attacks last year.
"To protect against this attack, a fix for the Windows boot manager is included in the May 9, 2023, security update release, but disabled by default and will not provide protections," the company said.
To determine if Secure Boot protections are enabled on your system, you can run the msinfo32 command from a Windows command prompt to open the System Information app.
Secure Boot is toggled on if you see a "Secure Boot State ON" message on the left side of the window after selecting "System Summary."
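A scriptable version of the same check, useful when many machines must be inspected (an added example, not from Microsoft or the original article). `Get-SecureBootState` is a hypothetical helper name; `Confirm-SecureBootUEFI` and the `UEFISecureBootEnabled` registry value are built into Windows.

```powershell
# Added example: reports the same information msinfo32 shows as "Secure Boot State".
function Get-SecureBootState {
    [CmdletBinding()]
    param()

    $result = [ordered]@{
        ComputerName = $env:COMPUTERNAME
        State        = 'Unknown'   # On | Off | Unsupported | Unknown
        Source       = $null
    }

    try {
        # Returns $true/$false on UEFI firmware; requires an elevated session.
        $enabled = Confirm-SecureBootUEFI -ErrorAction Stop
        $result.State  = if ($enabled) { 'On' } else { 'Off' }
        $result.Source = 'Confirm-SecureBootUEFI'
    }
    catch [System.PlatformNotSupportedException] {
        # Legacy BIOS or CSM boot: Secure Boot is not available on this machine.
        $result.State  = 'Unsupported'
        $result.Source = 'Confirm-SecureBootUEFI'
    }
    catch {
        # Usually a non-elevated session: fall back to the registry value
        # that Windows maintains for the current Secure Boot state.
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\State'
        $val = Get-ItemProperty -Path $key -Name UEFISecureBootEnabled -ErrorAction SilentlyContinue
        if ($null -ne $val) {
            $result.State  = if ($val.UEFISecureBootEnabled -eq 1) { 'On' } else { 'Off' }
            $result.Source = 'Registry'
        }
    }

    [pscustomobject]$result
}

Get-SecureBootState
```

A result of `On` only confirms that Secure Boot is enabled; it does not indicate whether the optional boot manager fix described in this article has been turned on.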
"Once the mitigation for this issue is enabled on a device, meaning the revocations have been applied, it cannot be reverted if you continue to use Secure Boot on that device," Microsoft said.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-11 | CVE-2022-21894 | Unspecified vulnerability in Microsoft products Secure Boot Security Feature Bypass Vulnerability | 0.0 |