Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Microsoft is working on a mega security patch for some of its most crucial issues

Illustration of a laptop with a magnifying glass exposing a beetle on-screen

Microsoft has released a fix for a Secure Boot bypass vulnerability that allowed threat actors to deploy the BlackLotus bootkit to target endpoints - however, the update will be sitting idly on computers for months before it actually gets used, as its application is somewhat complicated.

The original vulnerability is tracked as CVE-2022-21894, and that one was patched in early 2023. However, hackers soon found ways to work around the patch and still deploy BlackLotus on Windows 10, Windows 11, and multiple Windows Server versions. Hence, CVE-2023-24932 was addressed earlier this week. 

But in order to fully address the issue, Microsoft needs to make irreversible changes to the Windows boot manager. Consequently, the fix will render current Windows boot media unbootable.

Bricking PCs

"The Secure Boot feature precisely controls the boot media that is allowed to load when an operating system is initiated, and if this fix is not properly enabled there is a potential to cause disruption and prevent a system from starting up," Microsoft said in an update

In other words, not being careful with how the fix is applied could brick the device that installs it. 

To make matters even more complicated, the device with the fix won’t be able to boot from older, unpatched bootable media. That includes system backups, network boot drives, Windows installation DVDs and USBs created from ISO files, and more.

Obviously, Microsoft doesn’t want to brick people’s computers, so the update will be rolled out in phases, over the next couple of months. There will be multiple versions of the patch, each somewhat easier to enable. Apparently, the third update will enable the fix for everyone, and it should be released in the first quarter of 2024. 

BlackLotus is the first bootkit that’s known to be used in the wild to bypass Secure Boot protections. Threat actors need either physical access to the device, or an account with system admin privileges.

Via: ArsTechnica

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.