According to Microsoft’s timeline, the full fix will take about a year to roll out.
This week Ars Technica reported on Microsoft’s latest plan to close a serious vulnerability in the boot process of many kinds of Windows machines. The vulnerability is exploited by malware called BlackLotus, which belongs to a class of malware known as UEFI bootkits. Bootkits of this kind are highly sophisticated and target the UEFI (Unified Extensible Firmware Interface), the low-level and complex chain of firmware responsible for booting virtually every modern computer.
Microsoft first patched CVE-2022-21894, the “Secure Boot Security Feature Bypass Vulnerability”, in January 2022, but issued a new patch on May 9 for CVE-2023-24932, an actively exploited bypass of that earlier fix that affects Windows 10 and 11 and Windows Server releases going back to Windows Server 2008.
A year-long patch process
This latest fix, however, will be rolled out in three phases, of which the May 9 patch is only the first. According to Microsoft, a second release will be issued on July 11, 2023, and will provide “additional update options to simplify the deployment of the protections”. The third and final stage will not be released until “first quarter 2024”. That final release will enable the fix for CVE-2023-24932 by default and enforce boot manager revocations on all Windows devices, Microsoft promises. In Secure Boot terms, revoking a boot manager means adding the old, vulnerable (but validly signed) binaries to the firmware’s forbidden-signature database, so that firmware with Secure Boot on refuses to load them.
According to Ars Technica, the BlackLotus bootkit is “the first-known real-world malware that can bypass Secure Boot protections, allowing for the execution of malicious code before your PC begins loading Windows and its many security protections”.
The secure boot process is targeted
Microsoft says that an attacker can exploit the vulnerability with either physical access to a system or administrator rights on a system. It can affect physical PCs and virtual machines with Secure Boot enabled. Secure Boot has been enabled by default for over a decade on most Windows PCs sold by companies like Dell, Lenovo, HP, Acer, and others. PCs running Windows 11 must have it enabled to meet the software’s system requirements, the report explains.
Users should note that once the fixes have been enabled, their PC will no longer boot from older bootable media (installation or recovery media, for example) that doesn’t include the updated boot manager, because the older boot manager on that media is exactly what has been revoked.
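As an added example that is not from the article or from Microsoft’s guidance, the following PowerShell records the state a practitioner would want to know before and after applying the update: whether the machine booted via UEFI with Secure Boot on (the precondition for being affected at all), and the size and SHA-256 of the dbx forbidden-signature database, which is where boot manager revocations land. It must run elevated, since reading the Secure Boot variables needs the administrator rights the article mentions. The cmdlets are the standard SecureBoot module ones; the function name and the CSV output path are this example’s own choices, and it assumes the firmware_type environment variable is set, as Windows does on UEFI boots.

```powershell
# Added example (not from the article or from Microsoft): snapshot a
# machine's Secure Boot state before and after the CVE-2023-24932 update.
# Requires an elevated PowerShell on Windows 10/11 or Windows Server.
#Requires -RunAsAdministrator

function Get-SecureBootStatus {
    $result = [ordered]@{
        FirmwareType      = $env:firmware_type   # "UEFI" or "Legacy" (assumed set by Windows)
        SecureBootEnabled = $false
        DbxSizeBytes      = 0
        DbxSha256         = $null
    }

    if ($result.FirmwareType -ne 'UEFI') {
        # Legacy BIOS boot has no Secure Boot at all, so there is nothing to revoke.
        return [pscustomobject]$result
    }

    try {
        # Confirm-SecureBootUEFI throws on platforms without Secure Boot support.
        $result.SecureBootEnabled = Confirm-SecureBootUEFI
    } catch {
        $result.SecureBootEnabled = $false
    }

    try {
        # dbx is the forbidden-signatures database; revocations grow it.
        $dbx = Get-SecureBootUEFI -Name dbx
        $result.DbxSizeBytes = $dbx.Bytes.Length
        $sha = [System.Security.Cryptography.SHA256]::Create()
        $result.DbxSha256 = ($sha.ComputeHash($dbx.Bytes) |
            ForEach-Object { $_.ToString('x2') }) -join ''
    } catch {
        # The variable may be absent or unreadable on some firmware; leave defaults.
    }

    [pscustomobject]$result
}

# Take one snapshot now and another after the revocations are enforced;
# a larger dbx with a different hash is what the update should produce.
$status = Get-SecureBootStatus
$status | Format-List
$csv = Join-Path $env:TEMP ("secureboot-{0}.csv" -f (Get-Date -Format yyyyMMdd))
$status | Export-Csv -Path $csv -NoTypeInformation
```

On a machine that reports FirmwareType Legacy or SecureBootEnabled False, the article’s vulnerability does not apply, but neither does Secure Boot’s protection, which is the real finding.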