Wednesday, 8 March 2023

New Windows 10/11 UEFI bootkit can bypass Secure Boot!

The first in-the-wild UEFI bootkit bypassing UEFI Secure Boot on a fully updated UEFI system is now a reality.

The attack works mainly because Microsoft has not yet revoked a known weakness in the UEFI boot process: a KB update to close it would be complicated, since it would have to replace several key Microsoft boot files and update the UEFI NVRAM dbx (revocation) database, and a failure part-way through could leave Windows 10/11 systems unbootable.
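A quick defender-side check, added here as an example (not code from the original post): it reports whether Secure Boot is enabled and how many hash revocations the firmware's dbx currently holds, which is the list such a fix would have to extend. It assumes the built-in SecureBoot PowerShell module on Windows and an elevated prompt.

```powershell
# Added example: summarise Secure Boot state and the UEFI dbx revocation list.
# Assumes the built-in SecureBoot module (Windows 8 and later), run elevated.

# EFI_CERT_SHA256_GUID from the UEFI specification (SHA-256 hash entries)
$Sha256Guid = [Guid]'c1c41626-504c-4092-aca9-41f936934328'

function Get-DbxSummary {
    # Confirm-SecureBootUEFI throws on legacy BIOS / unsupported platforms
    $enabled = Confirm-SecureBootUEFI
    $dbx = (Get-SecureBootUEFI -Name dbx).Bytes
    $pos = 0; $sha256 = 0; $other = 0
    # dbx is a sequence of EFI_SIGNATURE_LIST structures:
    #   SignatureType (16) | SignatureListSize (4) | SignatureHeaderSize (4)
    #   | SignatureSize (4) | SignatureHeader | EFI_SIGNATURE_DATA[]
    # each EFI_SIGNATURE_DATA = SignatureOwner GUID (16) + signature data
    while ($pos + 28 -le $dbx.Length) {
        $type     = [Guid]::new([byte[]]$dbx[$pos..($pos + 15)])
        $listSize = [BitConverter]::ToUInt32($dbx, $pos + 16)
        $hdrSize  = [BitConverter]::ToUInt32($dbx, $pos + 20)
        $sigSize  = [BitConverter]::ToUInt32($dbx, $pos + 24)
        if ($listSize -lt 28 -or $sigSize -eq 0) { break }   # malformed list, stop
        $count = [int](($listSize - 28 - $hdrSize) / $sigSize)
        if ($type -eq $Sha256Guid) { $sha256 += $count } else { $other += $count }
        $pos += $listSize
    }
    [pscustomobject]@{
        SecureBootEnabled = $enabled
        DbxBytes          = $dbx.Length
        Sha256Revocations = $sha256
        OtherRevocations  = $other
    }
}

Get-DbxSummary
```

Compare the counts before and after applying a firmware or Windows dbx update to confirm the revocation list actually changed.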

The BlackLotus exploit mechanism is explained in detail here; it is an interesting read if you want a better understanding of how UEFI booting and Secure Boot work and how they can be bypassed.

No doubt MS will provide a security patch via a KB update in due course...