Microsoft Windows Under Siege: Two Critical Bugs Exploited with Urgent Manual Fix for Secure Boot Vulnerability
Microsoft Windows is under attack from cybercriminals exploiting critical vulnerabilities! The situation is serious: six of the 38 vulnerabilities fixed this month are classified as critical.
Hackers have already exploited two of them: CVE-2023-29336, a Win32k elevation of privilege vulnerability, and CVE-2023-24932, a Secure Boot security feature bypass used by the BlackLotus bootkit to infiltrate Windows machines.
BlackLotus used this vulnerability to bypass a patch Microsoft had issued last year, which underlines its severity. Another vulnerability has also been publicly disclosed, adding further urgency. Now is the time for action: patch these vulnerabilities immediately or risk further damage to your systems.
Hold on tight! A vulnerability rated 7.8 out of 10 has been discovered in the Win32k kernel-mode driver, letting cybercriminals gain SYSTEM privileges on Windows PCs.
The flaw, CVE-2023-29336, is particularly alarming because elevation of privilege bugs like this one are often paired with code execution bugs to distribute malware, according to Dustin Childs of the Zero Day Initiative.
Avast researchers Jan Vojtesek Milanek and Luigino Camastra, who likely discovered and disclosed the flaw, advise that it should be patched immediately to avoid potentially disastrous outcomes.
Another day, another critical vulnerability in Microsoft Windows! This time it is CVE-2023-24932, which comes complete with its own advisory and configuration guidance from the Microsoft Security Response Center (MSRC).
MSRC states that this vulnerability allows an attacker to execute self-signed code at the Unified Extensible Firmware Interface (UEFI) level while Secure Boot is active and enabled.
Cybercriminals exploit this flaw primarily as a persistence and defence evasion method. However, an attacker must have physical access or local admin privileges to take advantage of this flaw successfully.
ESET’s Martin Smolar and SentinelOne’s Tomer Sne-or are credited with discovering and disclosing this vulnerability. Smolar first went public in March with BlackLotus, a bootkit that bypasses Secure Boot and had been offered for sale on cybercrime marketplaces in October 2022.
Now consumers must follow MSRC guidance to protect themselves from this crucial vulnerability! Warn the people! BlackLotus, a UEFI bootkit available on hacking forums for an estimated $5,000, can run on Windows systems even with Secure Boot enabled in firmware, an alarming development.
Secure Boot is designed to prevent malicious or untrustworthy software from running before the operating system starts. Yet, BlackLotus exploits vulnerabilities in this boot process to load itself before anything else, including security tools or the operating system itself.
Loading first lets it disable antivirus defences and install a kernel driver that effectively plants a remote-control backdoor on your machine, one that receives instructions from an external server to carry out its malicious intent.
Microsoft released a patch to address the issue in its Windows boot manager; however, the CVE-2023-24932 fix ships disabled by default and must be enabled manually by users to fully apply its protections against this severe threat.
Security analyst Will Dormann advised users, “Feel free to weep and consider career change”. To protect their systems, users must take swift action and manually apply the CVE-2023-24932 mitigation; don’t wait until it’s too late!
Microsoft Windows is currently under attack from cybercriminals exploiting critical vulnerabilities, with six of the 38 vulnerabilities fixed this month classified as critical. Hackers have already exploited two of them, including the Secure Boot security feature bypass used by the BlackLotus bootkit to gain entry to Windows machines.
Even though Microsoft has released patches to address these vulnerabilities, users must manually enable the Secure Boot protections for maximum defence against these serious threats. Users must take swift action to protect their systems and prevent further damage.