Security News > 2023 > May > Microsoft Secure Boot Bug
Microsoft is currently patching a zero-day Secure-Boot bug.
The BlackLotus bootkit is the first-known real-world malware that can bypass Secure Boot protections, allowing for the execution of malicious code before your PC begins loading Windows and its many security protections.
Secure Boot has been enabled by default for over a decade on most Windows PCs sold by companies like Dell, Lenovo, HP, Acer, and others.
It can affect physical PCs and virtual machines with Secure Boot enabled.
The initial version of the patch requires substantial user intervention to enable-you first need to install May's security updates, then use a five-step process to manually apply and verify a pair of "Revocation files" that update your system's hidden EFI boot partition and your registry.
A third update in "First quarter 2024" will enable the fix by default and render older boot media unbootable on all patched Windows PCs. Microsoft says it is "Looking for opportunities to accelerate this schedule," though it's unclear what that would entail.
News URL
https://www.schneier.com/blog/archives/2023/05/microsoft-secure-boot-bug.html