For the first time, Bootkit bypasses Windows' UEFI Secure Boot
ArchyNewsy
Red alert for Windows users: ESET researchers have identified a bootkit capable of bypassing key security features of UEFI Secure Boot, the firmware-level boot integrity mechanism Windows relies on. Even a fully updated Windows 11 system with Secure Boot enabled is no obstacle for the malware. Based on the bootkit's functionality and its distinctive characteristics, the experts at the European IT security vendor assume that the threat is the one known as BlackLotus. The UEFI bootkit has been sold on hacker forums for $5,000 since October 2022.
BlackLotus exploits a vulnerability that is more than a year old (CVE-2022-21894) to bypass UEFI Secure Boot and implant itself persistently on the machine. This is the first known exploitation of this vulnerability in the wild. Although Microsoft fixed the vulnerability in its January 2022 update, it can still be abused: the affected, validly signed binaries have still not been added to the UEFI revocation list (DBX), so the firmware continues to accept them. BlackLotus takes advantage of this by bringing its own copies of the legitimate but vulnerable binaries onto the system.
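Because the bypass hinges on whether the vulnerable boot binaries are listed in the local DBX, a defender's first check is to read that variable and see what it actually revokes. The following is an added example (not code from the article or from ESET) that parses the raw dbx variable body in its EFI_SIGNATURE_LIST format and answers whether a given hash is revoked; note the assumption that DBX SHA256 entries are Authenticode PE image hashes, not hashes of the flat file, so the value to test must come from a PE-aware tool. The sample DBX and hash are constructed for the demo.

```python
import hashlib
import struct
import uuid

# Signature-type GUIDs from the UEFI specification (stored little-endian in the variable)
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

def parse_signature_lists(blob: bytes):
    """Walk the chain of EFI_SIGNATURE_LIST structures in a raw db/dbx body.
    Yields (signature_type, signature_owner, signature_data) for every entry."""
    off = 0
    while off < len(blob):
        if len(blob) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(blob):
            raise ValueError("invalid SignatureListSize")
        pos, end = off + 28 + hdr_size, off + list_size
        if sig_size < 16 or (end - pos) % sig_size:
            raise ValueError("signature area is not a multiple of SignatureSize")
        while pos < end:  # each EFI_SIGNATURE_DATA = owner GUID (16) + data
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            yield sig_type, owner, blob[pos + 16:pos + sig_size]
            pos += sig_size
        off = end

def revoked_pe_hashes(dbx: bytes) -> set:
    """All SHA256 (Authenticode PE image) hashes revoked by this DBX."""
    return {d.hex() for t, _, d in parse_signature_lists(dbx) if t == EFI_CERT_SHA256_GUID}

def is_revoked(dbx: bytes, pe_sha256_hex: str) -> bool:
    """True if the boot binary with this Authenticode SHA256 is blocked by DBX."""
    return pe_sha256_hex.lower() in revoked_pe_hashes(dbx)

def build_sha256_list(hashes, owner=uuid.UUID(int=0)) -> bytes:
    """Encode hashes as one EFI_CERT_SHA256 signature list (used to build the constructed sample)."""
    body = b"".join(owner.bytes_le + bytes.fromhex(h) for h in hashes)
    return EFI_CERT_SHA256_GUID.bytes_le + struct.pack("<III", 28 + len(body), 0, 48) + body

# Constructed sample: a placeholder hash standing in for a revoked boot manager image.
SAMPLE_REVOKED = hashlib.sha256(b"constructed placeholder, not a real boot binary").hexdigest()
SAMPLE_DBX = build_sha256_list([SAMPLE_REVOKED])
```

Feed it the raw variable body (on Windows, export it with `Get-SecureBootUEFI -Name dbx -OutputFilePath dbx.bin`; on Linux, strip the 4-byte attribute prefix from the efivarfs `dbx-*` file first). A DBX with no SHA256 entries on a Secure Boot machine means no revocation update has been applied.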
https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/
Link: https://www.archynewsy.com/for-the-first-time-bootkit-bypasses-windows-uefi-secure-boot/