Microsoft has published instructions to fix a serious vulnerability in Secure Boot that affects all Windows systems and is currently being exploited by malicious users.

Normally, this kind of problem would be fixed through the monthly updates, but the company from Redmond has chosen a more direct approach to reduce the risk of leaving devices unable to boot.
The fix requires some manual steps for now, but it will be applied automatically to all supported Windows systems starting next year.
Microsoft's latest Patch Tuesday updates are rolling out for Windows 11 and Windows 10 with several fixes for both operating systems. In the case of Windows 11, cumulative update KB5026372 brings at least 20 changes that improve the user experience, as well as fixes for 38 vulnerabilities and three zero-days affecting various Microsoft products.
At the same time, the Redmond-based company released an optional security update that addresses a Secure Boot vulnerability currently being exploited by attackers via the BlackLotus UEFI malware. It affects all supported versions of Windows 11 and Windows 10 and is tracked as CVE-2023-24932.
Ironically, the main purpose of Secure Boot is to protect your computer from loading any untrusted code between power-on and the moment Windows takes over. In other words, it is supposed to stop an attacker with physical access to your machine from injecting malicious code (a "bootkit") that runs before the operating system and modifies the boot process.
Microsoft says all Windows systems with Secure Boot enabled are affected by the vulnerability. It also affects devices running major Linux distributions.
Microsoft is taking a phased approach to addressing this vulnerability to minimize risks. This means that the fix is already in the latest Patch Tuesday, but for now it requires some manual steps to enable:
1. Install the monthly update released on May 9 or later on all Windows devices and restart them before proceeding to the next step.
2. Update any bootable media you use, so that it still boots once the old boot manager is revoked.
3. Apply the Windows Boot Manager revocations to fully protect your systems from attacks that exploit the new vulnerability.
As part of the second phase, Microsoft will release new guidance on July 11, 2023 with simplified options. The first quarter of 2024 will see the final fix for CVE-2023-24932, with the Windows Boot Manager revocations applied automatically to all supported systems.
It's worth noting that once you've taken the above steps, you won't be able to revert these changes.
To find out if Secure Boot is enabled on your device, open the command prompt and run the command "msinfo32". In the System Information window that opens, look for an entry called "Secure Boot State".
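For more than one machine, the same check can be scripted. The following is an added example, not code from the article or from Microsoft: it reads the Secure Boot state with the built-in SecureBoot cmdlets and reports whether the May 2023 cumulative update is installed; the KB number is the Windows 11 one named above and is assumed to be the right one for your build, other Windows versions ship the fix under their own KB.

```powershell
# Added example (not from the article or from Microsoft): a scriptable version of
# the msinfo32 "Secure Boot State" check, plus whether the May 2023 cumulative
# update named in the article is present. Run from an elevated PowerShell prompt.
# Assumption: KB5026372 is the Windows 11 update discussed above; other Windows
# versions ship the same fix under a different KB number, so adjust $RequiredKb.
param([string]$RequiredKb = 'KB5026372')

function Get-SecureBootStatus {
    # Confirm-SecureBootUEFI returns $true/$false on UEFI systems and throws on
    # legacy BIOS machines, which cannot use Secure Boot at all.
    try {
        $enabled = Confirm-SecureBootUEFI
        $mode = 'UEFI'
    } catch {
        $enabled = $false
        $mode = 'Legacy BIOS or unsupported'
    }

    # The DBX (forbidden-signatures database) is what the boot manager revocations
    # update; its size is only a rough indicator that a DBX update was ever applied.
    $dbxBytes = $null
    if ($enabled) {
        try { $dbxBytes = (Get-SecureBootUEFI -Name dbx).Bytes.Length } catch { }
    }

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        FirmwareMode    = $mode
        SecureBootOn    = $enabled
        DbxSizeBytes    = $dbxBytes
        UpdateInstalled = [bool](Get-HotFix -Id $RequiredKb -ErrorAction SilentlyContinue)
    }
}

$status = Get-SecureBootStatus
$status | Format-List

# Secure Boot on but the prerequisite update missing: step 1 of the procedure
# above has not been completed on this device.
if ($status.SecureBootOn -and -not $status.UpdateInstalled) {
    Write-Warning "Secure Boot is enabled but $RequiredKb is not installed on $($status.Computer)."
}
```

A device reported as `SecureBootOn = False` is not protected by Secure Boot regardless of the update state, which is worth flagging separately in an inventory.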
