Earlier today, Microsoft released the Tuesday May 2023 Patch update for Windows 10, Windows 11, and Server. As always, Patch Tuesday fixes numerous vulnerabilities. Microsoft has released an advisory for one of them that has a pretty serious vulnerability. The Redmond giant has patched the BlackLotus UEFI vulnerability, which is known to bypass tools like Secure Boot, VBS, BitLocker, Defender. Microsoft previously published a guide on how to detect a system compromised by the BlackLotus UEFI boot set.

Microsoft says today’s Patch Tuesday marks the first rollout of the security update:

May 9, 2023 – first phase of deployment

To mitigate CVE-2023-24932, in this release, the May 9, 2023 Windows update will include:

• Windows updates released on or after May 9, 2023 to address the vulnerabilities described in CVE-2023-24932.
• Changes to Windows boot components.
• Two manually enforceable revocation files (Code Integrity Policy and updated Safe Download Ban List (DBX)).

Microsoft has also published the steps to follow to install the update and protect your system:

Important steps must be completed in the following order before proceeding to the next step. If you do not follow all the steps in order, the bootable media will not start.

1. INSTALL the May 9, 2023 update for all supported versions and reboot your device before applying the recall.
2. UPDATE your bootable media with Windows updates released on or after May 9, 2023. If you do not create your own media, you must obtain up-to-date official media from Microsoft or your device manufacturer (OEM).
3. To guard against the vulnerability in CVE-2023-24932, IMPLEMENT a pullback.

You can find more details about the issue in the Microsoft support article here (KB5025885).