In January of this year, Microsoft released a security patch for computers updated to Windows 11. The patch was meant to fix a serious vulnerability in the Secure Boot security mechanism. However, “BlackLotus”, one of the most dangerous pieces of malware today, continues to pose a threat. As a result, Microsoft has had to release yet another patch this week. This new patch corrects another bug that BlackLotus was taking advantage of to execute code remotely on the computers of its victims.
BlackLotus is a sophisticated bootkit that is capable of evading the security mechanisms of Secure Boot. Secure Boot is a mandatory requirement for installing Windows 11 or upgrading to this version. It is a secure boot system that has been included in the vast majority of Windows computers released in the last decade. By bypassing these security mechanisms, BlackLotus is able to execute malicious code when the computer is turned on, even before the operating system has started to load. Microsoft states that the vulnerability can be exploited by attackers who have physical access to a Windows computer or who have administrator permissions on the system.
BlackLotus malware exploits Windows 11 security vulnerabilities
The flaw that BlackLotus exploits is a serious one, and it has taken Microsoft several months to patch it. Microsoft has confirmed this information to Ars Technica, stating that the vulnerability won't be resolved until at least the first quarter of 2024 because the solution needs to be propagated in three different stages, separated by several months.
The first stage began in January of this year, when Microsoft released a security patch to fix the CVE-2022-21894 vulnerability. This vulnerability allowed attackers to execute arbitrary code in the Secure Boot process. However, BlackLotus continued to pose a threat even after this patch became available.
The second stage began recently when Microsoft released a new patch to fix the CVE-2023-24932 vulnerability. This vulnerability allowed BlackLotus to execute code remotely on the computers of its victims. The patch is intended for computers running Windows 10 and Windows 11, as well as versions of Windows Server later than Windows Server 2008. However, the update will arrive on devices with the patch disabled, and it will take a few months to activate. This is because the patch makes irreversible changes to the boot loader, which will cause the media currently used to boot Windows on computers to stop working. Once you activate the patch, you won't be able to boot from media such as USB drives or old DVDs that carry versions of Windows lacking the patch.
This is the reason why Microsoft has decided to space out the resolution of the breach over time. The update aimed at facilitating the activation of the patch will not arrive until June, and the last one, in charge of definitively activating the fix to the problem, will be available at the beginning of 2024.
Microsoft Continues to Battle BlackLotus Malware with New Security Patches, but the Threat Persists
The vulnerability that BlackLotus exploits is a serious one, and it highlights the importance of keeping your computer and its security systems up to date. Although Microsoft designed the Secure Boot system to protect against such attacks, determined attackers can still breach even the strongest security systems. With BlackLotus continuing to pose a threat, it is essential that users take steps to protect themselves.
One way to do this is by keeping your computer and its security systems up to date. Install any updates or patches Microsoft releases as soon as they are available. It is also a good idea to keep your antivirus software up to date and to scan your computer regularly for malware. Additionally, you should be cautious about the websites you visit and the files you download. Avoid clicking on links or downloading files from unknown sources, as these can often contain malware.
In conclusion, the flaw that BlackLotus exploits is a serious one, and it has taken Microsoft several months to patch it. While the second stage of the patch is available, it will take several months for it to fully activate. It is essential that users take steps to protect themselves by keeping their computers and security systems up to date, scanning their computers regularly for malware, and being cautious about the websites they visit and the files they download. With these precautions in place, users can help to protect themselves against the threat of BlackLotus and other malware.