
BlackLotus bootkit patch may bring “false sense of security”, warns NSA

The NSA has released a guide to help mitigate attacks involving the BlackLotus bootkit malware. The BlackLotus UEFI bootkit is capable of bypassing UEFI Secure Boot on fully updated UEFI systems, allowing malicious code to execute before a PC’s operating system and security defences have loaded. Attackers could disable security measures such as BitLocker and Windows Defender without triggering alarms, and enable BlackLotus’s built-in protection against the bootkit’s own removal. Although Microsoft issued a patch for the flaw in Secure Boot back in January 2022, exploitation remains possible. The NSA’s advisory details additional steps for hardening systems, but they should be applied with caution because they involve changes to how UEFI Secure Boot is configured.

Key Points:
– The BlackLotus UEFI bootkit malware is capable of bypassing UEFI Secure Boot on fully updated UEFI systems, allowing malicious code to execute before a PC’s operating system and security defences have loaded.
– Attackers could disable security measures such as BitLocker and Windows Defender without triggering alarms, and enable BlackLotus’s built-in protection against the bootkit’s own removal.
– Although Microsoft issued a patch for the flaw in Secure Boot back in January 2022, exploitation remains possible.
– The NSA has released a guide to help mitigate attacks involving the BlackLotus bootkit malware; it details additional steps for hardening systems, but they should be applied with caution because they involve changes to how UEFI Secure Boot is configured.
– Protecting systems against BlackLotus is not a simple fix, and organizations should take necessary precautions to ensure the safety of their systems.
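Because the Secure Boot hardening involves the firmware's own configuration, a defender will want to verify what a machine's revocation database (the Secure Boot DBX variable) actually contains before and after applying it. The following is an added example, not code from the article or from the NSA guide: it parses the EFI_SIGNATURE_LIST chain that db/dbx variables use and reports whether given SHA-256 hashes are revoked. The sample DBX and its digests are constructed for the demonstration and are not real BlackLotus or boot-manager indicators; the efivarfs path and the `Get-SecureBootUEFI -Name dbx -OutputFilePath` export mentioned in the comments are the assumed ways to obtain a real blob.

```python
import hashlib
import struct
import uuid

# UEFI spec EFI_CERT_SHA256_GUID: signature type for SHA-256 hash entries in db/dbx.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
HDR = 16 + 4 + 4 + 4  # EFI_SIGNATURE_LIST: SignatureType, ListSize, HeaderSize, SignatureSize

def parse_signature_lists(blob: bytes) -> dict:
    """Walk the EFI_SIGNATURE_LIST chain of a db/dbx variable.
    Returns {signature-type GUID: [payloads]} with the 16-byte SignatureOwner stripped."""
    result, off = {}, 0
    while off < len(blob):
        if off + HDR > len(blob):
            raise ValueError(f"truncated list header at offset {off}")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        start, end = off + HDR + hdr_size, off + list_size
        if list_size < HDR or end > len(blob) or sig_size <= 16 or (end - start) % sig_size:
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {off}")
        entries = result.setdefault(sig_type, [])
        for e in range(start, end, sig_size):
            entries.append(blob[e + 16:e + sig_size])
        off = end
    return result

def check_revoked(blob: bytes, hashes: list) -> dict:
    """Map each candidate SHA-256 hex digest to True if the DBX blob revokes it."""
    revoked = {h.hex() for h in parse_signature_lists(blob).get(EFI_CERT_SHA256_GUID, [])}
    return {h.lower(): h.lower() in revoked for h in hashes}

def build_sha256_list(hashes, owner=uuid.UUID(int=0)) -> bytes:
    """Build one EFI_SIGNATURE_LIST of SHA-256 entries (used below for constructed sample data)."""
    body = b"".join(owner.bytes_le + h for h in hashes)
    return EFI_CERT_SHA256_GUID.bytes_le + struct.pack("<III", HDR + len(body), 0, 16 + 32) + body

# Constructed sample DBX: made-up digests, NOT real BlackLotus or Microsoft boot-manager hashes.
SAMPLE_HASHES = [hashlib.sha256(b"constructed-revoked-bootmgr-1").digest(),
                 hashlib.sha256(b"constructed-revoked-bootmgr-2").digest()]
SAMPLE_DBX = build_sha256_list(SAMPLE_HASHES)

if __name__ == "__main__":
    # Real input: on Linux read /sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f
    # and drop its 4-byte attribute prefix; on Windows: Get-SecureBootUEFI -Name dbx -OutputFilePath dbx.bin
    report = check_revoked(SAMPLE_DBX, [SAMPLE_HASHES[0].hex(), "00" * 32])
    for digest, hit in report.items():
        print(digest, "revoked" if hit else "NOT revoked")
```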
