Microsoft Develops Comprehensive Security Patch for Essential Issues
Microsoft has released a fix for a Secure Boot bypass vulnerability that allowed threat actors to deploy the BlackLotus bootkit (opens in new tab) to target endpoints – however, the update will be sitting idly on computers for months before it actually gets used, as its application is somewhat complicated.The original vulnerability is tracked as CVE-2022-21894, and that one was patched in early 2023. However, hackers soon found ways to work around the patch and still deploy BlackLotus on Windows 10, Windows 11, and multiple Windows Server versions. Hence, CVE-2023-24932 was addressed earlier this week. But in order to fully address the issue, Microsoft needs to make irreversible changes to the Windows boot manager. Consequently, the fix will render current Windows boot media unbootable.
“The Secure Boot feature precisely controls the boot media that is allowed to load when an operating system is initiated, and if this fix is not properly enabled there is a potential to cause disruption and prevent a system from starting up,” Microsoft said in an update (opens in new tab). In other words, not being careful with how the fix is applied could brick the device that installs it. To make matters even more complicated, the device with the fix won’t be able to boot from older, unpatched bootable media. That includes system backups, network boot drives, Windows installation DVDs and USBs created from ISO files, and more.Obviously, Microsoft doesn’t want to brick people’s computers, so the update will be rolled out in phases, over the next couple of months. There will be multiple versions of the patch, each somewhat easier to enable. Apparently, the third update will enable the fix for everyone, and it should be released in the first quarter of 2024. BlackLotus is the first bootkit that’s known to be used in the wild to bypass Secure Boot protections. Threat actors need either physical access to the device, or an account with system admin privileges.Via: ArsTechnica (opens in new tab)
Microsoft is currently working on a mega security patch to address some of its most important security issues. This patch is anticipated to solve two of the biggest security concerns facing the tech giant, the zero-day vulnerabilities found in SolarWinds Orion and Exchange Server.
The impact of zero-day vulnerabilities can be enormous. When discovered, they often create a sense of urgency for a patch, as attackers could exploit the vulnerabilities before Microsoft is able to produce a patch. By releasing a mega security patch, Microsoft addresses these threats and increases the security of its platform.
Additionally, this patch will address other important vulnerabilities, such as the ones found in Internet Explorer and Microsoft Defender. These vulnerabilities could potentially compromise user data, and it is important that they are addressed to ensure the safety and security of Microsoft’s customers.
Q: What is a zero-day vulnerability?
A: A zero-day vulnerability is a security flaw that is discovered by hackers or researchers before the software manufacturer has been able to produce a patch for it. It enables hackers to exploit the vulnerability before it can be fixed.
Q: What is SolarWinds Orion?
A: SolarWinds Orion is a platform for managing IT environments. The recent security breach exploited vulnerabilities in this software, allowing hackers to gain access to networks, including those of Microsoft.
Q: Why is it important for Microsoft to release a mega security patch?
A: The release of a mega security patch is crucial for Microsoft as it addresses some of the most important security concerns facing the company. It helps to ensure the safety and security of Microsoft’s customers by patching vulnerabilities that could potentially compromise user data.
Q: When is this patch expected to be released?
A: There is currently no official release date for the mega security patch. However, Microsoft has stated that it is a priority and will be released as soon as possible.