Security News > 2023 > May > Microsoft issues optional fix for Secure Boot zero-day used by malware

Microsoft has released security updates to address a Secure Boot zero-day vulnerability exploited by BlackLotus UEFI malware to infect fully patched Windows systems.
According to a Microsoft Security Response Center blog post, the security flaw was used to bypass patches released for CVE-2022-21894, another Secure Boot bug abused in BlackLotus attacks last year.
"To protect against this attack, a fix for the Windows boot manager is included in the May 9, 2023, security update release, but disabled by default and will not provide protections," the company said.
To determine if Secure Boot protections are enabled on your system, you can run the msinfo32 command from a Windows command prompt to open the System Information app.
Secure Boot is toggled on if you see a "Secure Boot State ON" message on the left side of the window after selecting "System Summary."
"Once the mitigation for this issue is enabled on a device, meaning the revocations have been applied, it cannot be reverted if you continue to use Secure Boot on that device," Microsoft said.
News URL
Related news
- New Microsoft script updates Windows media with bootkit malware fixes (source)
- Microsoft says attackers use exposed ASP.NET keys to deploy malware (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)
- Microsoft spots XCSSET macOS malware variant used for crypto theft (source)
- Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-11 | CVE-2022-21894 | Unspecified vulnerability in Microsoft products Secure Boot Security Feature Bypass Vulnerability | 0.0 |