When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Microsoft fixes BlackLotus UEFI Secure Boot security flaw on Windows 11, Windows 10, Servers

Neowin · · Hot! with 4 comments

Update: Since publishing this, Microsoft made additional clarifications and corrections which are available below the original article.

A modified red Windows 11 logo indicating a known issue

Microsoft released Patch Tuesday updates for the month of May 2023 earlier today for Windows 10, Windows 11, and Server. As always, Patch Tuesday fixes multiple security vulnerabilities. Microsoft has released a guidance document for one of these which is a pretty major security bug. The Redmond giant has patched the BlackLotus UEFI security flaw which has been known to bypass measures like Secure Boot, VBS, BitLocker, Defender. Microsoft had previously already published a guide on how to detect a system compromised by BlackLotus UEFI bootkit.

Tracked under CVE-2023-24932, Microsoft says that today's Patch Tuesday marks the initial deployment phase of the security update:

May 9, 2023 - Initial Deployment Phase

In this release, to mitigate CVE-2023-24932, the Windows Updates for May 9, 2023 will include:

  • Updates for Windows released on or after May 9, 2023 to address vulnerabilities discussed in CVE-2023-24932.
  • Changes to Windows boot components.
  • Two revocation files which can be manually applied (a Code Integrity policy and an updated Secure Boot disallow list (DBX)).

Microsoft has also published the steps to be taken to install the update and secure the system:

Important Steps must be done in the following order and completed before moving to the next step. Bootable media will fail to start if all steps are not completed in order.

  1. INSTALL the May 9, 2023, updates on all supported versions and then restart the device before applying the revocations.
  2. UPDATE your bootable media with Windows updates released on or after May 9, 2023. If you do not create your own media, you will need to get the updated official media from Microsoft or your device manufacturer (OEM).
  3. APPLY revocations to protect against the vulnerability in CVE-2023-24932.

You can find more details on the issue Microsoft's support article here (KB5025885).

Update: Microsoft has made some changes to its support article since we published it. A cautionary note was added related to "Deployment guidelines". Some commands were also rectified. There are many more changes other than these two. The changelog till May 11, 2023 are given below:

May 11, 2023

  • Added a CAUTION note to Step 1 in the "Deployment guidelines" section about upgrading to Windows 11, version 21H2 or 22H2, or some versions of Windows 10.

May 10, 2023

  • Clarified that downloadable Windows media updated with the latest Cumulative Updates will soon be available
  • Corrected the spelling of the word "Forbidden"

May 9, 2023

  • Added additional supported versions to the "Applies to"section
  • Updated Step 1 of the "Take Action" section
  • Updated Step1 of the "Deployment guidelines" section
  • Corrected the commands in Step 3a of the "Deploment guidelines" section
  • Corrected placement of Hyper-V UEFI images in the "Troubleshooting boot issues" section

You can view the support article under KB5025885 here.

Report a problem with article
The WhatsApp logo
Next Article

WhatsApp says mic usage in background on Android devices is due to an Android bug

xbox app for windows preview
Previous Article

New Insider preview build of the Xbox App for Windows adds new notification center and more

Join the conversation!

Login or Sign Up to read and post a comment.

4 Comments - Add comment