Communications of the ACM

Home/News/Stealthy UEFI Malware Bypassing Secure Boot Enabled.../Full Text

ACM TechNews

Stealthy UEFI Malware Bypassing Secure Boot Enabled by Unpatchable Windows Flaw

By Ars Technica
March 9, 2023
Comments

View as: Print Mobile App Share:

Artist's representation of the BlackLotus malware. — While researchers have found Secure Boot vulnerabilities in the past, there has been no indication that threat actors have ever been able to bypass the protection in the 12 years it has been in existence. Until now.

Credit: Aurich Lawson/Getty Images

Researchers at Slovak cybersecurity firm ESET have found the first real-world case of Unified Extensible Firmware Interface (UEFI) malware that can take over a computer's boot process even with Secure Boot enabled and running on fully updated versions of Windows 10 and 11.

The UEFI package, dubbed BlackLotus, exploits the Baton Drop logic flaw in all supported versions of Windows that Microsoft patched last January.

ESET's Jean-Ian Boutin explained, "Even though the vulnerability is old, it is still possible to leverage it to bypass all security measures and compromise the booting process of a system, giving the attacker control over the early phase of the system startup."

The only current BlackLotus infection prevention measure is to install all available operating system and application patches, which will compound the installer's difficulties in acquiring administrative privileges.

From Ars Technica
View Full Article

No entries found

Stealthy UEFI Malware Bypassing Secure Boot Enabled by Unpatchable Windows Flaw

Service Robots Roll Forward

U.S. Copyright Office's Questions about Generative AI

The Colossus