Microsoft is currently patching a zero-day Secure Boot bug that can be exploited by an attacker with physical access to a system or administrator rights on it. The BlackLotus bootkit is the first known real-world malware that can bypass Secure Boot protections, allowing malicious code to run before the PC begins loading Windows and its many security protections. Secure Boot has been enabled by default for over a decade on most Windows PCs sold by companies like Dell, Lenovo, HP, Acer, and others, and PCs running Windows 11 must have it enabled to meet the software’s system requirements.
The vulnerability can affect physical PCs and virtual machines with Secure Boot enabled. Microsoft says that it is a nasty vulnerability, but it takes some work to exploit it. However, the problem with the patch is that it breaks backwards compatibility. Once the fixes have been enabled, your PC will no longer be able to boot from older bootable media that doesn’t include the fixes. That’s why Microsoft will be rolling out the update in phases over the next few months.
The initial version of the patch requires substantial user intervention to enable. Users first need to install May’s security updates, then use a five-step process to manually apply and verify a pair of “revocation files” that update the system’s hidden EFI boot partition and the registry. A second update will follow in July that won’t enable the patch by default but will make it easier to enable. A third update in “first quarter 2024” will enable the fix by default and render older boot media unbootable on all patched Windows PCs. Microsoft says it is “looking for opportunities to accelerate this schedule,” though it’s unclear what that would entail.
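The manual “apply and verify” step above is the part most likely to be skipped or done wrong, so here is an added read-only check (not from the article or from Microsoft) that records Secure Boot state and the DBX revocation list so an administrator can confirm the firmware side of the fix actually changed. It assumes an elevated Windows PowerShell session with the built-in SecureBoot module; `Confirm-SecureBootUEFI` and `Get-SecureBootUEFI` are real cmdlets, while the baseline hash is a placeholder you capture yourself. The registry half of the procedure is not checked here.

```powershell
# Added example, not the article's or Microsoft's code. Run elevated.
# Records Secure Boot state and the DBX (UEFI forbidden-signatures database)
# before and after applying the revocation files, so the change can be verified.

function Get-SecureBootState {
    try {
        $enabled = Confirm-SecureBootUEFI
    } catch {
        # Throws on legacy BIOS / non-UEFI firmware or when not elevated.
        return [pscustomobject]@{ Supported = $false; Enabled = $false; Error = $_.Exception.Message }
    }
    [pscustomobject]@{ Supported = $true; Enabled = [bool]$enabled; Error = $null }
}

function Get-DbxSummary {
    # The revocation files extend DBX so older boot managers are no longer trusted,
    # so its size and hash should differ once they have been applied.
    $dbx = Get-SecureBootUEFI -Name dbx
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $hash = ($sha.ComputeHash($dbx.Bytes) | ForEach-Object { $_.ToString('x2') }) -join ''
    [pscustomobject]@{ SizeBytes = $dbx.Bytes.Length; Sha256 = $hash }
}

function Test-RevocationApplied {
    param(
        # SHA-256 of DBX captured on this same machine before patching (placeholder, record your own).
        [Parameter(Mandatory)] [string] $BaselineSha256
    )
    $state = Get-SecureBootState
    if (-not $state.Supported) { return 'NoUefiSecureBoot' }
    if (-not $state.Enabled)   { return 'SecureBootDisabled' }   # mitigation is moot if disabled
    $now = Get-DbxSummary
    if ($now.Sha256 -eq $BaselineSha256) { return 'DbxUnchanged' }  # revocation not applied yet
    return 'DbxUpdated'
}

# Typical use: run once before patching and keep the output, then compare after reboot.
$before = Get-DbxSummary
"DBX size: $($before.SizeBytes) bytes, SHA-256: $($before.Sha256)"
# After applying the revocation files and rebooting:
# Test-RevocationApplied -BaselineSha256 '<hash recorded earlier>'
```

A changed DBX shows only that the firmware variable was updated; confirming which entries were added still requires Microsoft’s own verification steps for the revocation files.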
In conclusion, the Microsoft Secure Boot bug is a serious vulnerability that needs to be addressed promptly. Although it takes some work to exploit, a successful bootkit runs before Windows and its defenses load, so the potential damage is significant. Microsoft is rolling out the patch in phases over the next few months, but because it breaks backwards compatibility with older boot media, adoption will be harder for users. Keeping systems current with the latest security updates remains the best protection against vulnerabilities like this one.