BlackLotus UEFI bootkit can break into fully patched Windows 11 PCs

Security researchers at ESET have published what they claim to be the first analysis of a UEFI bootkit, BlackLotus, which is capable of exploiting fully patched Windows 11 PCs.

Online advertisements for BlackLotus were first noticed in October 2022, priced at around $5,000 (£4,167). The latest version is the first known toolkit of its kind capable of bypassing UEFI Secure Boot.

BlackLotus works by exploiting a vulnerability that is more than a year old (CVE-2022-21894). Microsoft originally fixed it in January 2022, but it remains exploitable because the affected, validly signed binaries have not been added to the UEFI revocation list.

This list holds the signatures of software that was previously approved to run at boot and has since been revoked.

Usually, such bootkits are stymied by UEFI Secure Boot, a firmware security feature that aims to ensure that only signed software can be loaded during the boot process.
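The revocation check described above, as an added example (not code from ESET or the original article): a Python parser for the `EFI_SIGNATURE_LIST` format that the UEFI revocation list uses, showing that a signed binary absent from the list is still accepted. The digests and helper names are constructed for illustration; real entries for boot binaries are Authenticode hashes rather than plain file hashes.

```python
import hashlib
import struct
import uuid

# EFI_CERT_SHA256_GUID from the UEFI specification: entries are SHA-256 digests.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")

def parse_revoked_sha256(data: bytes) -> set[bytes]:
    """Return every SHA-256 digest found in a sequence of EFI_SIGNATURE_LISTs."""
    revoked, offset = set(), 0
    while offset < len(data):
        if len(data) - offset < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=data[offset:offset + 16])
        list_size, header_size, sig_size = struct.unpack_from("<III", data, offset + 16)
        if list_size < 28 + header_size or offset + list_size > len(data):
            raise ValueError("EFI_SIGNATURE_LIST size field out of bounds")
        body_start = offset + 28 + header_size
        body_end = offset + list_size
        if sig_type == EFI_CERT_SHA256_GUID:
            # Each EFI_SIGNATURE_DATA is a 16-byte owner GUID followed by the digest.
            if sig_size != 48 or (body_end - body_start) % sig_size:
                raise ValueError("malformed SHA-256 signature list")
            for pos in range(body_start, body_end, sig_size):
                revoked.add(data[pos + 16:pos + sig_size])
        offset = body_end  # other list types (e.g. X.509) are skipped
    return revoked

def is_revoked(digest: bytes, dbx: bytes) -> bool:
    return digest in parse_revoked_sha256(dbx)

def build_sample_dbx(digests: list[bytes]) -> bytes:
    """Constructed sample: one SHA-256 list with a placeholder owner GUID."""
    owner = uuid.UUID(int=0).bytes_le
    body = b"".join(owner + d for d in digests)
    header = EFI_CERT_SHA256_GUID.bytes_le + struct.pack("<III", 28 + len(body), 0, 48)
    return header + body

# Constructed digests standing in for boot binary hashes (not real indicators).
OLD_LOADER = hashlib.sha256(b"constructed old boot binary").digest()
NEW_LOADER = hashlib.sha256(b"constructed patched boot binary").digest()
SAMPLE_DBX = build_sample_dbx([hashlib.sha256(b"unrelated entry").digest()])

if __name__ == "__main__":
    # The old binary is still signed and absent from the list, so it would still load.
    print("old loader revoked:", is_revoked(OLD_LOADER, SAMPLE_DBX))
    print("after update:", is_revoked(OLD_LOADER, SAMPLE_DBX + build_sample_dbx([OLD_LOADER])))
```

The parser expects the raw variable payload; a dump read from Linux efivarfs carries a 4-byte attribute prefix that has to be stripped first.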
