Microsoft issues optional fix for Secure Boot zero-day used by malware
2023-05-09 18:45

Microsoft has released security updates to address a Secure Boot zero-day vulnerability exploited by BlackLotus UEFI malware to infect fully patched Windows systems.

According to a Microsoft Security Response Center blog post, the security flaw was used to bypass patches released for CVE-2022-21894, another Secure Boot bug abused in BlackLotus attacks last year.

"To protect against this attack, a fix for the Windows boot manager is included in the May 9, 2023, security update release, but disabled by default and will not provide protections," the company said.

To determine if Secure Boot protections are enabled on your system, you can run the msinfo32 command from a Windows command prompt to open the System Information app.

Secure Boot is toggled on if you see a "Secure Boot State ON" message on the left side of the window after selecting "System Summary."
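
The same check can be scripted for hosts where opening msinfo32 by hand is impractical. This is an added example, not part of the original article or Microsoft's guidance; the function name Get-SecureBootState is hypothetical, and it assumes Windows PowerShell with the built-in Confirm-SecureBootUEFI cmdlet, falling back to the SecureBoot\State registry value when the session is not elevated.

```powershell
# Added example: report the Secure Boot state that msinfo32 shows under System Summary.
# Get-SecureBootState is a hypothetical helper name, not a built-in cmdlet.
function Get-SecureBootState {
    [CmdletBinding()]
    param()

    $source = 'Confirm-SecureBootUEFI'
    try {
        # Returns $true (on) or $false (off) on UEFI firmware; needs an elevated session.
        $enabled = Confirm-SecureBootUEFI -ErrorAction Stop
        $state = if ($enabled) { 'On' } else { 'Off' }
    }
    catch [System.PlatformNotSupportedException] {
        # Legacy BIOS, or firmware without Secure Boot support.
        $state = 'Unsupported'
    }
    catch [System.UnauthorizedAccessException] {
        # Not elevated: read the state Windows recorded at boot instead.
        $source = 'Registry'
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\State'
        $value = Get-ItemProperty -Path $key -Name UEFISecureBootEnabled -ErrorAction SilentlyContinue
        if ($null -eq $value) { $state = 'Unknown' }
        elseif ($value.UEFISecureBootEnabled -eq 1) { $state = 'On' }
        else { $state = 'Off' }
    }
    catch {
        # Any other failure is reported rather than guessed at.
        $state = 'Unknown'
        $source = "Error: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        SecureBootState = $state
        Source          = $source
    }
}

Get-SecureBootState
```

This reports only whether Secure Boot itself is on; it does not show whether the optional boot manager revocations described in the article have been applied.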

"Once the mitigation for this issue is enabled on a device, meaning the revocations have been applied, it cannot be reverted if you continue to use Secure Boot on that device," Microsoft said.


News URL

https://www.bleepingcomputer.com/news/microsoft/microsoft-issues-optional-fix-for-secure-boot-zero-day-used-by-malware/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2022-01-11 | CVE-2022-21894 | Unspecified vulnerability in Microsoft products. Secure Boot Security Feature Bypass Vulnerability (local, low complexity, microsoft) | 4.4

Related vendor

VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS
Microsoft | | 685 | 788 | 4545 | 4401 | 3639 | 13373