The National Security Agency (NSA) is warning of a known vulnerability in the Microsoft Windows secure startup process that malicious actors could use to bypass Secure Boot protection and execute BlackLotus malware.
In an effort to help enterprise security professionals mitigate this threat, the NSA recently released the “BlackLotus Mitigation Guide” Cybersecurity Information Sheet (CSI) guide which provides an overview of recommended actions to detect and prevent malicious activities associated with BlackLotus.
“Protecting systems against BlackLotus is not a simple fix,” NSA’s Platform Security Analyst Zachary Blum said in a relase. “Patching is a good first step, but we also recommend hardening actions, dependent on your system’s configurations and security software used.”
Given the scale that this vulnerability exists, John Gallagher, Vice President of Viakoo Labs at Viakoo, said it makes sense that NSA would ask organizations to pay attention and make plans to address it.