Microsoft has launched a repair for a Safe Boot bypass vulnerability that allowed menace actors to deploy the BlackLotus bootkit (opens in new tab) to focus on endpoints – nevertheless, the replace will likely be sitting idly on computer systems for months earlier than it truly will get used, as its utility is considerably difficult.

The unique vulnerability is tracked as CVE-2022-21894, and that one was patched in early 2023. Nonetheless, hackers quickly discovered methods to work across the patch and nonetheless deploy BlackLotus on Home windows 10, Home windows 11, and a number of Home windows Server variations. Therefore, CVE-2023-24932 was addressed earlier this week. 

However with a view to absolutely handle the difficulty, Microsoft must make irreversible adjustments to the Home windows boot supervisor. Consequently, the repair will render present Home windows boot media unbootable.

Bricking PCs

“The Safe Boot function exactly controls the boot media that’s allowed to load when an working system is initiated, and if this repair will not be correctly enabled there’s a potential to trigger disruption and forestall a system from beginning up,” Microsoft stated in an replace (opens in new tab). 

In different phrases, not being cautious with how the repair is utilized may brick the gadget that installs it. 

To make issues much more difficult, the gadget with the repair received’t have the ability to boot from older, unpatched bootable media. That features system backups, community boot drives, Home windows set up DVDs and USBs created from ISO recordsdata, and extra.

Clearly, Microsoft doesn’t need to brick folks’s computer systems, so the replace will likely be rolled out in phases, over the subsequent couple of months. There will likely be a number of variations of the patch, every considerably simpler to allow. Apparently, the third replace will allow the repair for everybody, and it must be launched within the first quarter of 2024. 

BlackLotus is the primary bootkit that’s identified for use within the wild to bypass Safe Boot protections. Menace actors want both bodily entry to the gadget, or an account with system admin privileges.

• Take a look at the very best firewalls (opens in new tab) proper now

By way of: ArsTechnica (opens in new tab)