The security researchers at ESET issued a security advisory about the BlackLotus vulnerability this week. The research warned that the BlackLotus flaw can now bypass Secure Boot even on fully updated Windows 11 PCs.

Secure Boot is a security feature that prevents unauthorized software (malware) from running on Windows machines. Almost all modern hardware with UEFI firmware supports this feature, which ensures that Windows PCs will only boot with trusted programs from the Original Equipment Manufacturer (OEM).

Kaspersky first discovered the BlackLotus bootkit back in October 2022. It exploits a year-old CVE-2022-21894 vulnerability to bypass the Secure Boot process on Windows systems. Microsoft patched the security flaw in January last year. Moreover, a proof-of-concept for the vulnerability has been publicly available since August 2022.

According to ESET malware analyst Martin Smolár, the flaw can still be exploited because the signed binaries have not been added to the UEFI revocation list.

The attackers leverage the CVE-2022-21894 vulnerability to deploy the bootkit's files to the EFI system partition (ESP). It allows the hackers to disable various security tools on the victim's machines. These include Windows Defender, Hypervisor-protected Code Integrity (HVCI), and BitLocker encryption.

[Figure: BlackLotus execution overview]

Additionally, BlackLotus enables malicious actors to deliver a kernel driver and an HTTP downloader. The kernel driver prevents users from removing the bootkit files from the ESP. Moreover, the HTTP downloader is designed to download and execute payloads.

What are the mitigations and remediation strategies to block the BlackLotus malware?

ESET recommends that organizations keep their Windows PCs and security solutions updated to block the attack vector. However, customers can mitigate the attacks by reinstalling the operating system on infected Windows systems and removing the attackers' Machine Owner Key (MOK) with the mokutil utility. We invite you to check out ESET's blog post for more details.