Microsoft has taken a significant step in bolstering the security of its Windows operating systems by introducing a PowerShell script designed to address the 2023 BlackLotus Secure Boot vulnerability. This update specifically targets Windows-bootable media, ensuring that it aligns with the latest Secure Boot Certificate Authority (CA) update released in February 2024.
The new Secure Boot CA replaces the outdated CA from 2011, which had been in place since the era of Windows 8. As this older CA approaches its expiration in 2026, the transition to a more modern authority is not only timely but essential for maintaining the integrity of Windows security protocols.
Certificate Authorities play a crucial role in managing the authenticity and validity of key Windows components, including bootloaders, drivers, and firmware. By updating these certificates, Microsoft aims to enhance the overall security framework of its operating systems.
Update against BlackLotus vulnerability
The newly released PowerShell script, published as KB5053484, enables Windows bootable media to trust the previously issued Windows UEFI CA certificate. The update matters because it addresses the BlackLotus Secure Boot vulnerability, tracked as CVE-2023-24932, which has posed a risk since mid-2023.
This vulnerability allows malicious actors to circumvent Secure Boot on both Windows 11 and Windows 10. Although exploitation requires physical access to a device or administrative rights on it, the implications are serious: an attacker can plant harmful code at the UEFI level and compromise a Windows device from the very start of the boot process. Notably, the Secure Boot CA introduced in 2023 lacked the necessary measures to counter this vulnerability, making this update all the more critical.
Microsoft has made this update available immediately, reinforcing its commitment to safeguarding user systems against emerging threats.
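Before rebuilding media with the script, an administrator will usually want to know where a given device stands in the 2011-to-2023 CA transition. The following PowerShell is an added example, not the article's or Microsoft's own code; it assumes an elevated session on a UEFI system and follows the string-match check Microsoft publishes in its CVE-2023-24932 guidance for inspecting the Secure Boot db and dbx variables.

```powershell
# Added example (not from the article or from KB5053484): report whether a device
# trusts the Windows UEFI CA 2023 and whether the 2011 CA has been revoked.
# Assumes an elevated PowerShell session on a UEFI system; the string search over the
# raw db/dbx bytes mirrors the check Microsoft documents for CVE-2023-24932.

function Get-SecureBootCaStatus {
    $status = [ordered]@{
        SecureBootEnabled     = $false
        Db_WindowsUefiCa2023  = $false   # device can boot 2023-CA-signed boot managers
        Db_ProductionPca2011  = $false   # device still accepts 2011-CA-signed boot managers
        Dbx_ProductionPca2011 = $false   # 2011 CA revoked (last step of the mitigation)
    }
    try {
        $status.SecureBootEnabled = Confirm-SecureBootUEFI
    } catch {
        # Confirm-SecureBootUEFI throws on legacy BIOS or unsupported platforms
        return [pscustomobject]$status
    }

    # db: the allow-list of certificates that firmware will accept for boot components
    $db = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
    $status.Db_WindowsUefiCa2023 = $db -match 'Windows UEFI CA 2023'
    $status.Db_ProductionPca2011 = $db -match 'Microsoft Windows Production PCA 2011'

    # dbx: the revocation list; the 2011 CA appears here once the final mitigation step is applied
    try {
        $dbx = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name dbx).Bytes)
        $status.Dbx_ProductionPca2011 = $dbx -match 'Microsoft Windows Production PCA 2011'
    } catch {
        # some firmware ships without a dbx variable at all
    }
    [pscustomobject]$status
}

$caStatus = Get-SecureBootCaStatus
$caStatus | Format-List

if ($caStatus.SecureBootEnabled -and -not $caStatus.Db_WindowsUefiCa2023) {
    Write-Warning 'Windows UEFI CA 2023 is not in db: media rebuilt with KB5053484 will not boot on this device until the CA update is applied.'
}
if ($caStatus.Db_ProductionPca2011 -and -not $caStatus.Dbx_ProductionPca2011) {
    Write-Warning 'The 2011 CA is still trusted and not revoked: boot managers vulnerable to CVE-2023-24932 remain bootable here.'
}
```

A device that reports the 2023 CA in db and the 2011 CA in dbx has completed the transition and can only boot media updated with the new certificate.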