Microsoft released its monthly security updates this week, and among all the fixes, one stands out: a patch against BlackLotus, the first UEFI malware that can bypass Windows Secure Boot. It affects all versions of Windows, so updating is advisable.
Each month, on Patch Tuesday, Microsoft publishes a general security bulletin that addresses known vulnerabilities. Considering the amount of software the company distributes and the hundreds of millions of users and computers it reaches, you can imagine its importance. As with previous monthly patch packs, the fixes are applied gradually across a large set of Microsoft applications and services.
This May, 38 patches were published, distributed by category as follows:
- 12 remote code execution vulnerabilities.
- 8 elevation of privilege vulnerabilities.
- 8 information disclosure vulnerabilities.
- 5 denial of service vulnerabilities.
- 4 security feature bypass vulnerabilities.
- 1 phishing vulnerability.
Of these, 6 are critical and 3 are zero-days, actively used by cybercriminals in attacks and for which no fix existed until now. Particularly dangerous is the so-called BlackLotus, a piece of malware discovered last October by Kaspersky researchers that was being sold on cybercrime markets.
It is a very dangerous UEFI bootkit, which is installed in the computer's firmware and gives full control over the operating system's boot process, making it possible to disable security mechanisms at the operating system level and deploy any payload during boot with administrative rights. It is a huge threat because it can bypass security defenses even when they are enabled in the BIOS/UEFI.
The malware takes advantage of this by bringing its own copies of legitimate but compromised binaries, disabling system security tools such as BitLocker and Windows Defender, and bypassing User Account Control. It also deploys a kernel driver and an HTTP downloader.
How to install Microsoft security patches
The easiest way to install and apply security updates on client computers is from the system settings:
- Press the keyboard shortcut “Windows + I” to open the Settings tool.
- Go to Update & Security > Windows Update.

- Actively check for updates. Microsoft offers them immediately after the release of each Patch Tuesday.
- To apply them, download and install the updates, then restart your computer.
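A check to run after the steps above, as an added example that is not part of the original article: it reports whether Secure Boot is enabled, which updates were installed since the patch release, and whether a restart is still pending. The cutoff date is an assumption; set it to the Patch Tuesday being verified.

```powershell
# Added example, not from the original article. Run in an elevated
# PowerShell session on the client after the restart.
param(
    # Assumed cutoff: the Patch Tuesday being verified (May 2023 here).
    [datetime]$Cutoff = '2023-05-09'
)

function Get-SecureBootState {
    # Confirm-SecureBootUEFI returns $true or $false on UEFI machines and
    # throws on legacy BIOS machines or in a non-elevated session.
    try {
        if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
    } catch {
        "Unknown: $($_.Exception.Message)"
    }
}

function Test-PendingReboot {
    # Either key existing means an installed update is still waiting for a restart.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    )
    [bool]($keys | Where-Object { Test-Path -LiteralPath $_ })
}

# Get-HotFix reads Win32_QuickFixEngineering; InstalledOn can be empty, so filter it out.
$recent = @(Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Cutoff } |
    Sort-Object InstalledOn -Descending)

$report = [pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    SecureBoot    = Get-SecureBootState
    UpdatesSince  = $Cutoff.ToString('yyyy-MM-dd')
    HotFixIds     = ($recent.HotFixID -join ', ')
    PendingReboot = Test-PendingReboot
}
$report | Format-List

if ($recent.Count -eq 0) { Write-Warning "No updates installed on or after $($report.UpdatesSince)." }
if ($report.PendingReboot) { Write-Warning 'A restart is still pending; the updates are not fully applied.' }
if ($report.SecureBoot -ne 'Enabled') { Write-Warning "Secure Boot state: $($report.SecureBoot)." }
```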
You can view the full patch for the BlackLotus vulnerability, labeled CVE-2023-24932, in this post.