Microsoft addresses Windows vulnerability with PowerShell script

Microsoft recently rolled out a PowerShell script that addresses the 2023 BlackLotus Secure Boot vulnerability for Windows-bootable media. The script updates the February 2023 Secure Boot Certificate Authority (CA) update.

Microsoft released a new Secure Boot Certificate Authority (CA) in February 2024, replacing the earlier CA from 2011. The 2011 CA dates from the days of Windows 8; by 2026 it would be 15 years old and would then expire.

Certificate Authorities (CAs) or keys help manage the authenticity and validity of various important Windows components, such as bootloaders, drivers, and firmware.

Update against BlackLotus vulnerability

Microsoft recently released a new PowerShell script, KB5053484, that updates Windows-bootable media so that it trusts the previously released Windows UEFI CA certificate.

The update is significant because it finally addresses a pre-existing vulnerability in the Windows Secure Boot feature.

The BlackLotus Secure Boot vulnerability, CVE-2023-24932, has been active since mid-2023 and allows the circumvention of Secure Boot functionality in Windows 11 and 10. Although hackers must have physical access or admin rights to a device to exploit this vulnerability, they can inject malicious code at the UEFI level.

As a result, Windows devices are compromised right from the boot process. However, the Secure Boot CA released in 2023 did not yet include functionality to counter this vulnerability.

Microsoft is making the update available immediately.
