Microsoft has published its monthly security updates this week and among all the patches, a solution stands out against BlackLotus, the first UEFI malware capable of bypassing Windows secure boot. It affects all versions of Windows so it is convenient to update.
Microsoft publishes the second Tuesday of each month a general security bulletin que resolves known vulnerabilities. Considering the amount of software the company distributes and the hundreds of millions of users/computers it reaches, you can imagine its importance. Like previous monthly patch sets, they are applied incrementally to the vast set of Microsoft applications and services.
This month of May, there have been 38 patches published with a count in each category that is distributed as follows:
- 12 remote code execution vulnerabilities.
- 8 elevation of privilege vulnerabilities.
- 8 information disclosure vulnerabilities.
- 5 denial of service vulnerabilities
- 4 Security Feature Circumvention Vulnerabilities
- 1 phishing vulnerability.
Say that 6 of them are critical and 3 are 0-Day, actively exploited by cybercriminals in computer attacks and for which until now there was no solution. Especially dangerous is the so-called BlackLotus, a malware detected last October by Kaspersky researchers and which was being sold on cybercrime markets.
Very dangerous, it is a bootkit UEFI that is implemented in the firmware of computers and allows full control over the operating system startup process, making it possible to disable security mechanisms at the operating system level and deploy arbitrary payloads during startup with administrator privileges. A major threat to the computing landscape considering that it is capable of bypassing security defenses even when they are enabled in BIOS/UEFI.
Malware takes advantage of this, including its own copies of legitimate but compromised binaries, to disable system security tools like BitLocker and Windows Defender, and bypassing User Account Control. It also implements a kernel driver and an HTTP downloader.
How to install Microsoft security patches
The easiest way to install and apply security updates on client machines is from system settings:
- Press the “Windows + I” hotkey shortcut to access the Settings tool.
- Go to the Update and security section > Windows Update.
- Actively check for updates. Microsoft offers them immediately after releasing each Patch Tuesday.
- Download, install and restart the computer to apply them.
You can review the full fix against the BlackLotus vulnerability, labeled CVE-2023-24932, in this post.
