  • Microsoft: Latest Patch Tuesdays bring SafeOS Dynamic updates to fix Secure Boot bypass

    Karlston


    Earlier today, Microsoft released its Patch Tuesday updates for Windows 10 (KB5028166) and Windows 11 (KB5028185). In an accompanying announcement on its health dashboard website, the company explained that it has deployed the second phase of its hardening against the BlackLotus UEFI bootkit security flaw. Microsoft also published a guidance post to help users.

     

    The latest update adds the newest SafeOS Dynamic Update packages for WinRE and makes automated deployment of the Secure Boot DBX revocation files easier. The Secure Boot Forbidden Signature Database, or Secure Boot DBX, from Microsoft is essentially a block-list of UEFI executables that were found to be dangerous. (With the latest Patch Tuesday, Microsoft also revoked several WHQL-signed drivers that were actually malware.)

     

    Microsoft writes:

     

    The release of the July 11, 2023 security updates for Windows starts the Second Deployment Phase in KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932. KB5025885 contains the manual steps to verify your environment is ready for the changes and steps to enable the security hardening changes to protect against vulnerabilities tracked by CVE-2023-24932 that can bypass the Secure Boot security feature using the BlackLotus UEFI bootkit.

     

    The Second Deployment Phase in updates for Windows released July 11, 2023 or later adds the following:

     

    • Allow easier, automated deployment of the revocation files (Code Integrity Boot policy and Secure Boot disallow list (DBX)).

    • New Event Log events will be available to report whether revocation deployment was successful or not.

    • SafeOS dynamic update package for Windows Recovery Environment (WinRE).

     

    Microsoft has updated the changelog for the KB5025885 support article as well:

     

    July 11, 2023

     

    • Updated the instances of the "May 9, 2023" date to "July 11, 2023," "May 9, 2023 and July 11, 2023," or to "May 9, 2023 or later."

    • In the "Deployment guidelines" section, we note that all SafeOS dynamic updates are now available for updating WinRE partitions. Additionally, the CAUTION box was removed because the issue is resolved by the release of the SafeOS dynamic updates.

    • In the "3. APPLY the revocations" section, the instructions have been revised.

    • In the "Windows Event log errors" section, Event ID 276 is added.

     

    In related news, third-party software such as Rufus, in its latest beta update, added detection of and warnings for all such revoked UEFI bootkits. It also added support for ZIP64 and more. The Windows configuration tool NTLite also added such boot manager revocations.

     

     
