Microsoft patches the BlackLotus malware 0-day

Microsoft has published its monthly security updates this week, and among all the patches one stands out: a fix for BlackLotus, the first UEFI malware capable of bypassing Windows Secure Boot. It affects all versions of Windows, so systems should be updated.

On the second Tuesday of each month, Microsoft publishes a general security bulletin that resolves known vulnerabilities. Considering the amount of software the company distributes and the hundreds of millions of users and computers it reaches, you can imagine its importance. Like previous monthly patch sets, these are applied incrementally across the vast set of Microsoft applications and services.

This May, 38 patches were published, distributed by category as follows:

  • 12 remote code execution vulnerabilities.
  • 8 elevation of privilege vulnerabilities.
  • 8 information disclosure vulnerabilities.
  • 5 denial of service vulnerabilities.
  • 4 security feature bypass vulnerabilities.
  • 1 phishing vulnerability.

Of these, 6 are critical and 3 are 0-days, actively exploited by cybercriminals in attacks and for which there was no fix until now. Especially dangerous is BlackLotus, a piece of malware detected last October by Kaspersky researchers that was being sold on cybercrime markets.

BlackLotus is a UEFI bootkit that is implanted in the computer's firmware and gives full control over the operating system startup process, making it possible to disable security mechanisms at the operating system level and deploy arbitrary payloads during startup with administrator privileges. It is a serious threat to the computing landscape, considering that it can bypass security defenses even when they are enabled in BIOS/UEFI.

The malware takes advantage of this, shipping its own copies of legitimate but compromised binaries, to disable system security tools such as BitLocker and Windows Defender and to bypass User Account Control. It also implements a kernel driver and an HTTP downloader.

How to install Microsoft security patches

The easiest way to install and apply security updates on client machines is from system settings:

  • Press the “Windows + I” keyboard shortcut to open the Settings tool.
  • Go to the Update and security section > Windows Update.

  • Actively check for updates. Microsoft offers them immediately after releasing each Patch Tuesday.
  • Download, install and restart the computer to apply them.
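
For administrators who prefer to verify the result from a console, the following PowerShell sketch is an added example (not part of the original article or of Microsoft's guidance). It computes the most recent Patch Tuesday, compares it with the newest update that `Get-HotFix` reports, and shows the Secure Boot state. The `UpToDate` value is a date-based heuristic, and the function names are hypothetical.

```powershell
# Added example, not from the original article: check that an update was
# installed on or after the most recent Patch Tuesday and report Secure Boot.

function Get-PatchTuesday {
    param([int]$Year, [int]$Month)
    # Patch Tuesday is the second Tuesday of the month.
    $first  = [datetime]::new($Year, $Month, 1)
    $offset = (([int][DayOfWeek]::Tuesday - [int]$first.DayOfWeek) + 7) % 7
    $first.AddDays($offset + 7)
}

function Get-LatestPatchTuesday {
    param([datetime]$Now = (Get-Date))
    $candidate = Get-PatchTuesday -Year $Now.Year -Month $Now.Month
    if ($Now -lt $candidate) {
        # This month's release has not happened yet; use last month's.
        $prev = $Now.AddMonths(-1)
        $candidate = Get-PatchTuesday -Year $prev.Year -Month $prev.Month
    }
    $candidate
}

$patchTuesday = Get-LatestPatchTuesday

# Get-HotFix lists updates recorded in Win32_QuickFixEngineering; entries
# without an install date are skipped.
$latest = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1

# Confirm-SecureBootUEFI needs an elevated session and fails on legacy BIOS.
try   { $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop }
catch { $secureBoot = "unknown ($($_.Exception.Message))" }

[pscustomobject]@{
    LatestPatchTuesday = $patchTuesday.ToString('yyyy-MM-dd')
    NewestUpdate       = $latest.HotFixID
    InstalledOn        = $latest.InstalledOn
    UpToDate           = [bool]($latest -and $latest.InstalledOn -ge $patchTuesday)
    SecureBootEnabled  = $secureBoot
}
```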

You can review the full fix for the BlackLotus vulnerability, tracked as CVE-2023-24932, in this post.


Source: MuyComputer by www.muycomputer.com.
