Microsoft Has a Nasty Zero-Day Problem

Microsoft is working on a fix for a zero-day exploit that targets Secure Boot, a default security feature that prevents malicious software from running on your machine. While there is an initial patch, the full fix could take until 2024, as Morning Brew reports.

We learned in March from cybersecurity firm ESET about BlackLotus, a UEFI boot-kit sold on hacker forums since last October. BlackLotus is the first-ever malware to bypass Secure Boot on the latest versions of Windows, which means you can’t protect against it by simply updating your PC.

If a bad actor installed BlackLotus on a targeted system, they could completely take over the boot process for Windows OS. That is concerning, but difficult to pull off, since you would need either administrative rights or physical access to the machine.

Secure Boot is a feature included by default on most Windows PCs, as the majority of OEMs turn it on before shipping their machines. It helps that Microsoft makes it a “soft requirement” for Windows 11, highly encouraging companies to enable it unless there is a compelling reason not to.

There is a fix for this issue included in Windows’ May 9 security patch, but it isn’t straightforward. Once you update, you’ll have the option to enable Secure Boot protections, but they won’t activate automatically. You’ll need to verify your PC, then update all bootable media connected to your machine. Microsoft has a link to all bootable and recovery media to update after the patch.