Microsoft is working on a mega security patch for some of its most crucial issues
It’s going to take almost a year to complete
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Microsofthas released a fix for a Secure Boot bypass vulnerability that allowed threat actors to deploy the BlackLotusbootkitto target endpoints - however, the update will be sitting idly on computers for months before it actually gets used, as its application is somewhat complicated.
The original vulnerability is tracked as CVE-2022-21894, and that one was patched in early 2023. However, hackers soon found ways to work around the patch and still deploy BlackLotus onWindows 10,Windows 11, and multiple Windows Server versions. Hence, CVE-2023-24932 was addressed earlier this week.
But in order to fully address the issue, Microsoft needs to make irreversible changes to the Windows boot manager. Consequently, the fix will render current Windows boot media unbootable.
Bricking PCs
“The Secure Boot feature precisely controls the boot media that is allowed to load when anoperating systemis initiated, and if this fix is not properly enabled there is a potential to cause disruption and prevent a system from starting up,” Microsoftsaid in an update.
In other words, not being careful with how the fix is applied could brick the device that installs it.
To make matters even more complicated, the device with the fix won’t be able to boot from older, unpatched bootable media. That includes system backups, network boot drives, Windows installation DVDs and USBs created from ISO files, and more.
‘Near-undetectable’ hacking tool up for sale on malware forum>A new dangerous malware is turning Windows and Linux devices into DDoS tools>Here’s our list of the best endpoint protection tools
Obviously, Microsoft doesn’t want to brick people’s computers, so the update will be rolled out in phases, over the next couple of months. There will be multiple versions of the patch, each somewhat easier to enable. Apparently, the third update will enable the fix for everyone, and it should be released in the first quarter of 2024.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
BlackLotus is the first bootkit that’s known to be used in the wild to bypass Secure Boot protections. Threat actors need either physical access to the device, or an account with system admin privileges.
Via:ArsTechnica
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
A new form of macOS malware is being used by devious North Korean hackers
Scammers are using fake copyright infringement claims to hack businesses
Quordle today – hints and answers for Saturday, November 9 (game #1020)
