Earlier this week, Microsoft released a patch to fix a Secure Boot bypass bug used by the BlackLotus bootkit we reported on in March. The original vulnerability, CVE-2022-21894, was patched in January, but the new patch for CVE-2023-24932 addresses another actively exploited vulnerability for systems running Windows 10 and 11 and Windows Server versions back to Windows Server 2008.
The BlackLotus bootkit is the first known real-world malware that can bypass Secure Boot protections, allowing malicious code to run before your PC starts loading Windows and its many security measures. Secure Boot has been enabled by default on most Windows PCs sold by companies such as Dell, Lenovo, HP, Acer, and others for over a decade. PCs running Windows 11 must have it enabled to meet the software’s system requirements.
Microsoft says the vulnerability could be exploited by an attacker with physical access to a system or administrative privileges on a system. It can affect physical PCs and virtual machines with Secure Boot enabled.
We’re highlighting the new fix partly because, unlike many high-priority Windows fixes, the update is disabled by default for at least a few months after it’s installed and partly because it eventually renders the current Windows bootable media unbootable. The fix requires changes to the Windows startup manager that cannot be undone once enabled.
“The Secure Boot feature carefully controls the bootable media that is allowed to load when an operating system boots, and if this fix is not enabled properly, it may cause a malfunction and prevent a system from booting,” reads one of many Microsoft support articles about the update.
In addition, once the fixes are enabled, your PC will no longer be able to boot from older bootable media that does not contain the fixes. On the long list of affected media: Windows installation media such as DVDs and USB drives created from Microsoft’s ISO files; custom Windows installation images maintained by IT departments; full system backups; network boot disks, including disks used by IT departments to troubleshoot machines and deploy new Windows images; stripped-down boot disks that use Windows PE; and the recovery media sold with OEM PCs.
Microsoft does not want to make users’ systems suddenly unbootable and will roll out the update in phases over the coming months. The initial version of the patch requires substantial user intervention to enable it. You must install May’s security updates first, then use a five-step process to manually apply and verify a few “revocation files” that update your system’s hidden EFI boot partition and your registry. These ensure that older, vulnerable versions of the bootloader are no longer trusted by PCs.
A second update will follow in July that does not enable the patch by default but does make it easier to enable. A third update in “Q1 2024” will enable the fix by default and make older bootable media unbootable on all patched Windows PCs. Microsoft says it is “looking for opportunities to accelerate this schedule,” though it’s unclear what that would entail.
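Before enabling the revocations described above, an administrator will want to know what the firmware currently trusts and distrusts. The following is an added example, not code from the Ars article or from Microsoft’s update instructions: it confirms Secure Boot is on and lists the certificates and hashes in the UEFI `db` (allowed) and `dbx` (revoked) variables, which is where the bootloader revocations land. It assumes an elevated PowerShell session on a UEFI system, the built-in SecureBoot cmdlets, and the standard EFI_SIGNATURE_LIST layout from the UEFI specification.

```powershell
# Added example: inventory Secure Boot db/dbx contents on a Windows UEFI host.
# Assumes an elevated session; GUIDs below are the UEFI spec constants.
$CertX509Guid   = [guid]'a5c059a1-94e4-4aa7-87b5-ab155c2bf072'  # EFI_CERT_X509_GUID
$CertSha256Guid = [guid]'c1c41626-504c-4092-aca9-41f936934328'  # EFI_CERT_SHA256_GUID

function Read-SignatureList {
    param([byte[]]$Bytes)
    $offset = 0
    while ($offset + 28 -le $Bytes.Length) {
        # EFI_SIGNATURE_LIST header: SignatureType GUID(16), ListSize(4), HeaderSize(4), SigSize(4)
        $type     = [guid]::new([byte[]]$Bytes[$offset..($offset + 15)])
        $listSize = [int][BitConverter]::ToUInt32($Bytes, $offset + 16)
        $hdrSize  = [int][BitConverter]::ToUInt32($Bytes, $offset + 20)
        $sigSize  = [int][BitConverter]::ToUInt32($Bytes, $offset + 24)
        if ($listSize -lt 28 -or $offset + $listSize -gt $Bytes.Length) { break }  # malformed list
        $pos = $offset + 28 + $hdrSize
        $end = $offset + $listSize
        while ($sigSize -gt 16 -and $pos + $sigSize -le $end) {
            # Each EFI_SIGNATURE_DATA: SignatureOwner GUID(16) followed by the payload
            $data = [byte[]]$Bytes[($pos + 16)..($pos + $sigSize - 1)]
            if ($type -eq $CertX509Guid) {
                $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($data)
                [pscustomobject]@{ Kind = 'x509';   Value = $cert.Subject }
            } elseif ($type -eq $CertSha256Guid) {
                [pscustomobject]@{ Kind = 'sha256'; Value = ([BitConverter]::ToString($data) -replace '-', '') }
            } else {
                [pscustomobject]@{ Kind = $type.ToString(); Value = "$($data.Length) bytes" }
            }
            $pos += $sigSize
        }
        $offset += $listSize
    }
}

# Confirm-SecureBootUEFI throws on legacy BIOS machines; returns $false if Secure Boot is off.
if (-not (Confirm-SecureBootUEFI)) { throw 'Secure Boot is not enabled on this system.' }

foreach ($var in 'db', 'dbx') {
    $entries = @(Read-SignatureList -Bytes (Get-SecureBootUEFI -Name $var).Bytes)
    "$var : $($entries.Count) entries"
    $entries | Where-Object Kind -eq 'x509'   | ForEach-Object { "  cert:   $($_.Value)" }
    "  sha256 hashes: $(@($entries | Where-Object Kind -eq 'sha256').Count)"
}
```

Run it once before and once after applying the revocation files; a new certificate subject in `dbx` (or in `db`) is the visible sign that the bootloader trust change has taken effect, and the pre-change listing is what you keep for rollback planning of boot media.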
Jean-Ian Boutin, ESET’s director of threat research, described the severity of BlackLotus and other bootkits to Ars when we originally reported on them:
The ultimate takeaway is that UEFI bootkit BlackLotus can install itself on up-to-date systems using the latest version of Windows with secure boot enabled. Although the vulnerability is old, it is still possible to use it to bypass all security measures and compromise a system’s boot process, giving the attacker control over the early stages of the system’s booting. It also illustrates a trend where attackers are targeting the EFI system partition (ESP) rather than firmware for their implants. They sacrifice unobtrusiveness for easier deployment, but offer a similar level of capability.
This fix isn’t the only recent security incident to highlight the issues of patching low-level Secure Boot and UEFI vulnerabilities; computer and motherboard maker MSI recently leaked its signing keys in a ransomware attack, and there’s no easy way for the company to tell its products not to trust firmware updates signed with the compromised key.