New research shows that a unified extensive firmware interface (UEFI) bootkit is capable of bypassing security features. The functionality of the bootkit and its individual features make researchers believe that it is a threat known as BlackLotus, a UEFI bootkit that has been sold on hacking forums for $5,000 since at least October 2022. This bootkit can run on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled.
The bootkit exploits a more than one-year-old vulnerability to bypass security measures and set up persistence for the bootkit. This is the first publicly known, in-the-wild abuse of this vulnerability. Although the vulnerability was fixed in Microsoft’s January 2022 update, its exploitation is still possible as the affected, validly signed binaries have still not been added to the UEFI revocation list.
Educational Webinars, Videos & Podcasts: Receive cutting-edge insights and invaluable resources, empowering you to stay ahead in the dynamic world of security.
Empowering Content: At your computer or on-the-go, stay up-to-date when you receive our eNewsletters curated with the latest technology and services that address physical, logical, cyber and enterprise resilience.
Unlimited Article Access: Dive deep into the world of cybersecurity and risk management leadership with unlimited access to our library of online articles.