
Bootkit zero-day fix – is this Microsoft’s most cautious patch ever? – Naked Security

Microsoft’s May 2023 Patch Tuesday updates address 38 vulnerabilities, seven of them rated critical. Three are zero-days, and one of them, CVE-2023-24932, is already being exploited in the wild by the BlackLotus UEFI bootkit. Microsoft has shipped a fix for this in-the-wild security hole, but it won’t be applied automatically: to activate the protection, users need to read and absorb a roughly 500-word post and then work through a nearly 3000-word instructional reference. The fix involves replacing Microsoft’s boot manager in the EFI System Partition (the startup partition on the system disk) and telling the firmware, through Secure Boot’s revocation mechanism, not to trust the old, vulnerable boot code anymore.

The problem with disowning compromised or vulnerable firmware-level signing keys and boot code, rather than simply replacing them, is that the revocation itself can have unintended consequences, up to and including leaving the computer unable to boot at all. Microsoft’s CVE-2023-24932 case is not that severe, but once the revocation is applied, none of your existing recovery media (install discs, USB sticks, recovery images and so on) will be trusted by the computer, because they contain boot-time components that have now been revoked. Microsoft has built the raw materials needed for the fix into the files you receive with the May 2023 Patch Tuesday update, but nothing activates automatically. Applying the fix in full is a three-step manual process: fetch the update; manually patch every bootable device you rely on, recovery media included; and manually tell the computer to revoke the old, buggy boot code.

To avoid complications, Microsoft has laid out a three-stage schedule for this particular update. You can complete the fix today via the full-but-clumsy manual process described above; install the update but do nothing else for now; or wait for the safer, automated deployment tooling that Microsoft has promised for July. Early next year the revocations are due to become mandatory, at which point unpatched users will face the consequences of having left their computers exploitable. It’s a time-consuming hassle that users could all do without, especially those working from home: if one of them needs to recover a computer and the old recovery media no longer boots, that user is stuck, and dozens of colleagues in the same company may be stymied at the same time, every one of them needing new recovery media sent out.
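The manual process above ends with a revocation that lives in the firmware’s Secure Boot “forbidden” list (DBX) and a replaced boot manager on the EFI System Partition, and neither is visible from the desktop. The following script is an added example, written for this article and not taken from Naked Security or from Microsoft’s KB, that lets you check both: it parses the DBX variable into its EFI_SIGNATURE_LIST entries (hashes and certificates), tests whether a given SHA-256 hash has been revoked, and reports who signed the boot manager currently on the ESP. It assumes Windows 10/11 with UEFI Secure Boot (the SecureBoot module cmdlets are built in), an elevated PowerShell for the live part, and that drive letter S: is free for mounting the ESP; the sample DBX blob, its hashes and its owner GUID are constructed so the parser can be exercised offline.

```powershell
# Added example, not code from Naked Security or Microsoft's KB.
# Offline part runs anywhere; the live part needs an elevated prompt on a UEFI Secure Boot machine.

$EfiCertSha256Guid = [guid]'c1c41626-504c-4092-aca9-41f936934328'   # UEFI spec EFI_CERT_SHA256_GUID
$EfiCertX509Guid   = [guid]'a5c059a1-94e4-4aa7-87b5-ab155c2bf072'   # UEFI spec EFI_CERT_X509_GUID

function ConvertFrom-HexString([string]$Hex) {
    [byte[]](0..($Hex.Length / 2 - 1) | ForEach-Object { [Convert]::ToByte($Hex.Substring(2 * $_, 2), 16) })
}

# Walk one or more concatenated EFI_SIGNATURE_LISTs (the on-disk layout of the db/dbx variables):
# 16-byte SignatureType GUID, UINT32 SignatureListSize, UINT32 SignatureHeaderSize, UINT32 SignatureSize,
# then entries of (16-byte SignatureOwner GUID + SignatureData).
function ConvertFrom-EfiSignatureList {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    $offset = 0
    while ($offset + 28 -le $Bytes.Length) {
        $type     = [guid]::new([byte[]]$Bytes[$offset..($offset + 15)])
        $listSize = [int][BitConverter]::ToUInt32($Bytes, $offset + 16)
        $hdrSize  = [int][BitConverter]::ToUInt32($Bytes, $offset + 20)
        $sigSize  = [int][BitConverter]::ToUInt32($Bytes, $offset + 24)
        if ($listSize -lt 28 -or $sigSize -le 16 -or $offset + $listSize -gt $Bytes.Length) {
            throw "Malformed EFI_SIGNATURE_LIST at offset $offset"
        }
        $pos = $offset + 28 + $hdrSize
        $end = $offset + $listSize
        while ($pos + $sigSize -le $end) {
            $owner = [guid]::new([byte[]]$Bytes[$pos..($pos + 15)])
            $data  = [byte[]]$Bytes[($pos + 16)..($pos + $sigSize - 1)]
            if ($type -eq $EfiCertSha256Guid) {
                $kind = 'sha256'; $value = -join ($data | ForEach-Object { $_.ToString('x2') })
            } elseif ($type -eq $EfiCertX509Guid) {
                $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($data)
                $kind  = 'x509';   $value = "$($cert.Subject) thumbprint=$($cert.Thumbprint)"
            } else {
                $kind = $type.ToString(); $value = "$($data.Length) bytes"
            }
            [pscustomobject]@{ Kind = $kind; Owner = $owner; Value = $value }
            $pos += $sigSize
        }
        $offset = $end
    }
}

# Is a given SHA-256 (hex) present as a revoked hash in the supplied DBX bytes?
function Test-DbxContains([string]$Sha256Hex, [byte[]]$Dbx) {
    $wanted = $Sha256Hex.ToLowerInvariant()
    [bool](ConvertFrom-EfiSignatureList -Bytes $Dbx | Where-Object { $_.Kind -eq 'sha256' -and $_.Value -eq $wanted })
}

# Build a constructed DBX-style blob (one SHA-256 list) so the parser can be exercised offline.
function New-Sha256SignatureList([string[]]$HexHashes) {
    $owner   = [guid]'00000000-0000-0000-0000-000000000001'   # constructed SignatureOwner, not a real one
    $sigSize = 16 + 32
    $ms = [System.IO.MemoryStream]::new(); $bw = [System.IO.BinaryWriter]::new($ms)
    $bw.Write($EfiCertSha256Guid.ToByteArray())
    $bw.Write([uint32](28 + $HexHashes.Count * $sigSize)); $bw.Write([uint32]0); $bw.Write([uint32]$sigSize)
    foreach ($h in $HexHashes) { $bw.Write($owner.ToByteArray()); $bw.Write((ConvertFrom-HexString $h)) }
    $bw.Flush(); $ms.ToArray()
}

# Who signed the boot manager currently on the ESP? Mounts the ESP on S: (assumed free; needs admin).
function Get-EspBootManagerSigner {
    mountvol S: /s | Out-Null
    try {
        $sig = Get-AuthenticodeSignature -FilePath 'S:\EFI\Microsoft\Boot\bootmgfw.efi'
        [pscustomobject]@{ Status = $sig.Status; Signer = $sig.SignerCertificate.Subject; Issuer = $sig.SignerCertificate.Issuer }
    } finally { mountvol S: /d | Out-Null }
}

# 1. Offline demonstration on the constructed blob (two made-up hashes).
$sample = New-Sha256SignatureList @(('aa' * 32), ('bb' * 32))
ConvertFrom-EfiSignatureList -Bytes $sample | Format-Table -AutoSize
"constructed hash revoked in sample: $(Test-DbxContains ('bb' * 32) $sample)"

# 2. Live check of the real firmware state (only meaningful on a UEFI Secure Boot machine).
try {
    if (Confirm-SecureBootUEFI) {
        $entries = ConvertFrom-EfiSignatureList -Bytes (Get-SecureBootUEFI -Name dbx).Bytes
        "dbx holds $(@($entries | Where-Object Kind -eq 'sha256').Count) revoked hashes and $(@($entries | Where-Object Kind -eq 'x509').Count) revoked certificates"
        Get-EspBootManagerSigner
    }
} catch { "Secure Boot state unavailable on this machine: $_" }
```

Run it once before and once after working through Microsoft’s manual steps: the DBX entry counts should grow, and the boot manager’s signer details should change. The same parser works on the db and KEK variables (`Get-SecureBootUEFI -Name db`), which is a quick way to confirm that a revocation in DBX is not accidentally also the only thing still trusted in db. Keep a copy of the before/after output with your recovery media, since it tells you which media will still boot on a revoked machine.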
