Sign In

Communications of the ACM

ACM TechNews

Stealthy UEFI Malware Bypassing Secure Boot Enabled by Unpatchable Windows Flaw

View as: Print Mobile App Share:
Artist's representation of the BlackLotus malware.

While researchers have found Secure Boot vulnerabilities in the past, there has been no indication that threat actors have ever been able to bypass the protection in the 12 years it has been in existence. Until now.

Credit: Aurich Lawson/Getty Images

Researchers at Slovak cybersecurity firm ESET have found the first real-world case of Unified Extensible Firmware Interface (UEFI) malware that can take over a computer's boot process even with Secure Boot enabled and running on fully updated versions of Windows 10 and 11.

The UEFI package, dubbed BlackLotus, exploits the Baton Drop logic flaw in all supported versions of Windows that Microsoft patched last January.

ESET's Jean-Ian Boutin explained, "Even though the vulnerability is old, it is still possible to leverage it to bypass all security measures and compromise the booting process of a system, giving the attacker control over the early phase of the system startup."

The only current BlackLotus infection prevention measure is to install all available operating system and application patches, which will compound the installer's difficulties in acquiring administrative privileges.

From Ars Technica
View Full Article


Abstracts Copyright © 2023 SmithBucklin, Washington, D.C., USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account