Microsoft will take almost a year to patch Secure Boot bug
Microsoft could need almost a year to patch a zero-day Secure Boot bug impacting Windows 10 and 11 PCs, Ars Technica reports.
The bug relates to the BlackLotus bootkit malware, and Microsoft patched the original vulnerability — CVE-2022-21894 — in January. It published a new fix for a second vulnerability, tracked as CVE-2023-24932, on Tuesday, 9 May 2023.
The BlackLotus bootkit is unique as it is the first-known actively exploited malware that can bypass Secure Boot, enabling the execution of malicious code before a system begins loading the operating system and its security measures.
Microsoft’s latest patch addresses an actively exploited workaround for BlackLotus in Windows 10 and 11. It also impacts Windows Server versions dating back to 2008.
However, the latest patch will be disabled by default for several months after it’s installed, as it requires changes to the Windows boot manager that can’t be reversed once activated.
This would effectively render current Windows boot media unusable.
“The Secure Boot feature precisely controls the boot media that is allowed to load when an operating system is initiated, and if this fix is not properly enabled, there is a potential to cause disruption and prevent a system from starting up,” said Microsoft.
The patch will also mean that PCs will no longer be able to boot from older forms of bootable media, including Windows install DVDs and USB drives created from Windows ISO files.
Microsoft plans to roll out the update over several months to avoid making users’ systems unusable.
The first part of the update requires significant user involvement to install.
Microsoft posted a support article explaining the steps, which include installing May’s updates and following a five-step process to apply and verify a pair of “revocation files” that update your system’s hidden EFI boot partition and registry.
The tech giant will release a second update in July that still won’t enable the fix by default but simplifies the process of activating it.
Finally, a third update will arrive in the “first quarter [of] 2024” that will enable the fix by default and render older boot media unbootable on all patched Windows PCs.
Now read: Department of Justice nailed for negligence after ransomware attack
Loading ...