Advisory ID: NCC-CSIRT-0903-014
Summary: Cyber security analysts from ESET discovered a BlackLotusbootkit malware, which can bypass security protections on fully updated Windows 11 systems and persistently infect them.The malware is the first public Unified Extensible Firmware Interface (UEFI, which is a software that connects the operating system with the hardware that runs it). The malware can avoid the Secure Boot mechanism, thus being able to disable security protections that come with the operating system.
Vulnerable Platform(s): Windows Operating System
Threat Type:
- Malware
Product : Google Chrome Browser
Version:
- All versions
Description: According to ESET’s analysis, the developers of the malware have improved it with Secure Boot bypass capabilities that allow it to infect even fully patched Windows 11 systems.Additionally, the malware might be used to damage the memory integrity function, which guards against efforts to hack the Windows Kernel, the BitLocker data protection feature, and the Microsoft Defender antivirus program. Moreover, according to the researchers, the malware can bypass the Secure Boot mechanism by exploiting a Secure Boot Security Feature Bypass Vulnerability.
Consquences: Attackers may have access to the sensitive information of the compromised systems.
Impact/Probability: CRITICAL/HIGH
Solution :
Users should always keep their Windows 11 operating systems and security product up to date.
References:
https://www.securityweek.com/blacklotus-bootkit-can-target-fully-patched-windows-11-systems/
https://www.bleepingcomputer.com/news/security/blacklotus-bootkit-bypasses-uefi-secure-boot-on-patched-windows-11/