Thursday September 19, 2024

Advisory ID: NCC-CSIRT-0903-014

Summary:  Cyber security analysts from ESET discovered the BlackLotus bootkit, a malware that can bypass security protections on fully updated Windows 11 systems and persistently infect them. It is the first publicly known Unified Extensible Firmware Interface (UEFI) bootkit (UEFI is the firmware interface that connects the operating system with the hardware it runs on). The malware can evade the Secure Boot mechanism and is thereby able to disable security protections that ship with the operating system.

Vulnerable Platform(s): Windows Operating System

Threat Type:  

  • Malware

Product:   Google Chrome Browser

Version:   

  • All versions 

Description:  According to ESET's analysis, the developers of the malware have equipped it with Secure Boot bypass capabilities that allow it to infect even fully patched Windows 11 systems. Additionally, the malware can be used to disable the memory integrity function, which guards against attempts to compromise the Windows kernel, as well as the BitLocker data protection feature and Microsoft Defender Antivirus. Moreover, according to the researchers, the malware bypasses the Secure Boot mechanism by exploiting a Secure Boot Security Feature Bypass Vulnerability.

Consequences:  Attackers may gain access to sensitive information on compromised systems.

Impact/Probability: CRITICAL/HIGH

Solution:

Users should always keep their Windows 11 operating system and security products up to date.
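As an added defensive check (not part of this advisory or of ESET's research), the following PowerShell snapshot reports the state of the protections the description says the bootkit disables: Secure Boot, memory integrity (HVCI), BitLocker and Microsoft Defender Antivirus. It assumes Windows 11, an elevated PowerShell session, and the built-in SecureBoot, BitLocker and Defender modules; the function name Get-BootProtectionStatus is ours.

```powershell
# Added example: report whether the protections named in the advisory are still on.
# Assumes Windows 11, an elevated session, and the built-in SecureBoot, BitLocker
# and Defender PowerShell modules.

function Get-BootProtectionStatus {
    $result = [ordered]@{}

    # Secure Boot: the mechanism the bootkit is reported to bypass.
    try {
        $result.SecureBootEnabled = Confirm-SecureBootUEFI
    } catch {
        $result.SecureBootEnabled = "unavailable: $($_.Exception.Message)"
    }

    # Memory integrity (HVCI): a value of 2 in SecurityServicesRunning means HVCI is running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    $result.MemoryIntegrityRunning = ($dg.SecurityServicesRunning -contains 2)

    # BitLocker protection on the OS volume ('On' or 'Off').
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $result.BitLockerOsVolume = $os.ProtectionStatus.ToString()

    # Microsoft Defender Antivirus engine and real-time protection.
    $mp = Get-MpComputerStatus
    $result.DefenderAntivirusEnabled   = $mp.AntivirusEnabled
    $result.DefenderRealTimeProtection = $mp.RealTimeProtectionEnabled

    [pscustomobject]$result
}

$status = Get-BootProtectionStatus
$status | Format-List

# On a fully patched system expected to have all of these enabled, any
# unexpected 'False' or 'Off' warrants investigation.
$warnings = @()
if ($status.SecureBootEnabled -ne $true)       { $warnings += 'Secure Boot is not enabled' }
if (-not $status.MemoryIntegrityRunning)       { $warnings += 'Memory integrity (HVCI) is not running' }
if ($status.BitLockerOsVolume -ne 'On')        { $warnings += 'BitLocker is off on the OS volume' }
if (-not $status.DefenderAntivirusEnabled)     { $warnings += 'Defender Antivirus is disabled' }
if (-not $status.DefenderRealTimeProtection)   { $warnings += 'Defender real-time protection is disabled' }
$warnings | ForEach-Object { Write-Warning $_ }
```

Run it periodically from an elevated session and compare against the expected baseline; a protection that was on and is now off, without an administrative change to explain it, is the kind of drift this bootkit is reported to cause.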

References: 

https://www.securityweek.com/blacklotus-bootkit-can-target-fully-patched-windows-11-systems/ 

https://www.bleepingcomputer.com/news/security/blacklotus-bootkit-bypasses-uefi-secure-boot-on-patched-windows-11/