Earlier this week, Microsoft released a patch to fix a Secure Boot bypass bug used by the BlackLotus bootkit that we reported on in March. The original vulnerability, CVE-2022-21894, was patched in January, but the new patch for CVE-2023-24932 addresses another actively exploited workaround for systems running Windows 10 and 11 and versions of Windows Server back to Windows Server 2008.
BlackLotus is the first known real-world malware to bypass Secure Boot, which lets malicious code run before the PC even begins loading Windows and the security protections that depend on it. Secure Boot has been enabled by default for over a decade on most Windows PCs sold by companies such as Dell, Lenovo, HP, Acer, and others, and Secure Boot support is one of Windows 11's system requirements.
Microsoft said the vulnerability could be exploited by an attacker with physical access to a system or administrative rights to a system. This can affect both physical PCs and virtual machines with Secure Boot enabled.
We’re highlighting the new fix in part because, unlike many high-priority Windows fixes, the update will be disabled by default for at least a few months after it’s installed, and in part because it will eventually make existing Windows boot media unbootable. The fix requires changes to the Windows boot manager that cannot be reversed once they have been enabled.
“The Secure Boot feature precisely controls the boot media that is allowed to load when an operating system is started, and if this is done poorly it can have the potential to cause disruption and prevent a system from starting,” read one of the many Microsoft support articles about the update.
Additionally, once the fixes are applied, your PC will no longer be able to boot from older bootable media that doesn’t include them. The long list of affected media includes: Windows install media such as DVDs and USB drives created from Microsoft’s ISO files; custom Windows installation images maintained by IT departments; full system backups; network boot drives, including those IT departments use to troubleshoot machines and deploy new Windows images; stripped-down boot drives based on Windows PE; and the recovery media shipped with OEM PCs.
Not wanting to suddenly make any users’ systems unbootable, Microsoft will roll out the update in phases over the next few months. The initial version of the patch requires a lot of user intervention to enable: you must first install the May security updates, then use a five-step process to manually apply and verify a pair of “revocation files” that update your system’s hidden EFI boot partition and your registry. Once that is done, older, weaker versions of the boot manager are no longer trusted on that PC.
The second update will follow in July; it will still not enable the patch by default, but it will make the patch easier to enable. The third update, in “first quarter 2024,” will enable the fix by default and make older boot media unbootable on all patched Windows PCs. Microsoft says it’s “looking for opportunities to accelerate this schedule,” though it’s not clear what that would entail.
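Because the revocation touches three places at once (the firmware's forbidden-signature database, the boot manager on the EFI System Partition, and a registry staging value), a practitioner wants a read-only way to see what state a machine is in before and after applying it. The PowerShell script below is an added example written for this article; it is not Microsoft's own tooling and not taken from the KB article. It assumes the drive letter S: is free, that the staging value lives at the registry path named in the comments (confirm it against Microsoft's guidance for your build), and that it runs elevated. It changes nothing: it only parses the DBX variable, reads the registry value, and reports which certificate signed the boot manager currently on the ESP.

```powershell
# Added example (not from the article or from Microsoft): inventory the
# Secure Boot state that the CVE-2023-24932 revocation changes. Run elevated
# on Windows 10/11. Read-only apart from temporarily assigning S: to the ESP.
#Requires -RunAsAdministrator

function Get-EfiSignatureListSummary {
    # Parse a UEFI signature database variable (db or dbx) made of consecutive
    # EFI_SIGNATURE_LIST structures. Layout per the UEFI spec:
    #   SignatureType (GUID, 16 bytes), SignatureListSize (UInt32),
    #   SignatureHeaderSize (UInt32), SignatureSize (UInt32),
    #   then SignatureHeaderSize bytes of header, then N signatures of
    #   SignatureSize bytes each (SignatureOwner GUID + SignatureData).
    param([byte[]]$Bytes)

    $sha256Type = [guid]'c1c41626-504c-4092-aca9-41f936934328'  # EFI_CERT_SHA256_GUID
    $x509Type   = [guid]'a5c059a1-94e4-4aa7-87b5-ab155c2bf072'  # EFI_CERT_X509_GUID
    $offset = 0
    $lists  = @()
    while ($offset + 28 -le $Bytes.Length) {
        $type       = [guid]::new([byte[]]$Bytes[$offset..($offset + 15)])
        $listSize   = [BitConverter]::ToUInt32($Bytes, $offset + 16)
        $headerSize = [BitConverter]::ToUInt32($Bytes, $offset + 20)
        $sigSize    = [BitConverter]::ToUInt32($Bytes, $offset + 24)
        if ($listSize -lt 28 -or $sigSize -eq 0 -or $offset + $listSize -gt $Bytes.Length) {
            throw "Malformed EFI_SIGNATURE_LIST at offset $offset"
        }
        $count = [int][math]::Floor(($listSize - 28 - $headerSize) / $sigSize)
        $kind = switch ($type) {
            $sha256Type { 'SHA256 hash' }
            $x509Type   { 'X.509 certificate' }
            default     { $type.ToString() }
        }
        $lists += [pscustomobject]@{ Kind = $kind; Entries = $count; ListBytes = $listSize }
        $offset += $listSize
    }
    return $lists
}

function Get-SecureBootRevocationStatus {
    $status = [ordered]@{}

    # 1. Is Secure Boot enforcing at all? The cmdlet throws on legacy BIOS firmware.
    try   { $status.SecureBootEnabled = Confirm-SecureBootUEFI }
    catch { $status.SecureBootEnabled = $false }

    # 2. Contents of the forbidden-signature database. The revocation adds
    #    entries here, so record the counts before and after applying it.
    $dbx = Get-SecureBootUEFI -Name dbx
    $status.DbxLists = Get-EfiSignatureListSummary -Bytes $dbx.Bytes

    # 3. Staging value that Microsoft's servicing task consumes. The path is an
    #    assumption to verify against the KB article for your build; a missing
    #    value or 0 means no Secure Boot update is pending.
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Secureboot'
    $status.AvailableUpdates = (Get-ItemProperty -Path $regPath -Name AvailableUpdates `
        -ErrorAction SilentlyContinue).AvailableUpdates

    # 4. Which certificate signed the boot manager on the ESP, and its version.
    #    The ESP has no drive letter by default; mountvol /S assigns one
    #    (S: is assumed free) and /D removes it again.
    $letter = 'S:'
    mountvol $letter /S | Out-Null
    try {
        $bootmgr = Join-Path $letter 'EFI\Microsoft\Boot\bootmgfw.efi'
        $sig = Get-AuthenticodeSignature -FilePath $bootmgr
        $status.BootManagerSignatureStatus = $sig.Status
        $status.BootManagerSigner  = $sig.SignerCertificate.Subject
        $status.BootManagerVersion = (Get-Item $bootmgr).VersionInfo.FileVersion
    } finally {
        mountvol $letter /D | Out-Null
    }
    return [pscustomobject]$status
}

$result = Get-SecureBootRevocationStatus
$result | Format-List SecureBootEnabled, AvailableUpdates, BootManagerSignatureStatus, BootManagerSigner, BootManagerVersion
$result.DbxLists | Format-Table -AutoSize
```

Run it once before installing the May update and once after the revocation has been applied and the machine rebooted; the DBX entry count and the boot manager's signer subject are the two values that should differ. If `SecureBootEnabled` reports `False`, the DBX contents are irrelevant because nothing is enforcing them.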
Jean-Ian Boutin, ESET’s director of threat research, described the severity of BlackLotus and other bootkits to Ars when we originally reported it:
The final takeaway is that the UEFI bootkit BlackLotus is able to install itself on the latest systems using the latest version of Windows with Secure Boot. Although the vulnerability is old, it is still possible to use it to bypass all security measures and compromise the boot process of a system, giving the attacker control in the early part of the system startup. It also shows a trend where attackers are targeting the EFI System Partition (ESP) as opposed to the firmware for their implants—sacrificing stealth for easy deployment—but allowing the same level of capability.
This fix is not the only recent security incident to highlight the difficulty of patching low-level Secure Boot and UEFI vulnerabilities: computer and motherboard maker MSI recently had its signing keys leaked in a ransomware attack, and there’s no simple way for the company to tell its products to stop trusting firmware updates signed with the compromised keys.