Microsoft patch will turn off old bootable media

In the near future, boot disks and flash drives with Windows may stop working. The reason is Microsoft's patches for a vulnerability that allows the Secure Boot protection system to be bypassed. The problem was discovered last year and described in detail by ESET: according to its experts, this is the first time a Secure Boot bypass has been actively used in real malware, specifically in the BlackLotus bootkit.

As Ars Technica reports, in addition to the original vulnerability CVE-2022-21894, documented in January 2022, Secure Boot protection can also be bypassed using a similar problem with the identifier CVE-2023-24932. In both cases, the attackers use standard Windows components. Solving the problem therefore requires not only releasing patches but also banning the execution of old, legitimate versions of the software. As a result, it will no longer be possible to boot from old bootable media.

An attack using these vulnerabilities requires either physical access to the computer or the ability to execute code with administrator rights. If successful, the malware gains permanent and full access to the system, as well as the ability to survive even a reinstallation. According to ESET, the BlackLotus bootkit successfully replaces the regular Windows boot manager with its own. A simple patch cannot solve this problem: attackers can force the computer to restart and carry out the attack using unpatched, but signed and legitimate, versions of Microsoft software. Hence it becomes necessary to add such components to a blacklist that bans their execution.

What this will lead to is described in detail in a document on the Microsoft website. The current version of the patch, released on May 9, can only be activated manually, following a rather complicated procedure. This gives administrators time to update their bootable media. The next update, scheduled for July, will also not be automatic, but the activation procedure will be simplified. Finally, the last step, scheduled for early next year, will permanently ban running Windows boot images created before May 9, 2023.
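The blacklist the two paragraphs above describe is the UEFI Secure Boot forbidden-signatures database (DBX), where a revoked boot manager appears either as a hash of the old image or as a revoked signing certificate. A defender who wants to know whether a revocation has actually reached a machine, rather than merely whether a patch was installed, has to read and decode that variable. The following is an added example written for this digest, not code from the article, Microsoft or ESET: a parser for the EFI_SIGNATURE_LIST chain that makes up the DBX, plus a lookup that tells you whether a given SHA-256 image hash is revoked. The DBX content it runs on is constructed inline (the owner GUID, the hashes and the "certificate" bytes are invented sample data, not real revocation entries); to run it against a real machine, feed it the raw variable bytes (on Windows, the `Bytes` property returned by `Get-SecureBootUEFI -Name dbx`; on Linux, the file `/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f`, whose first four bytes are variable attributes and must be stripped, which `load_dbx` does when asked).

```python
"""Parse a UEFI Secure Boot DBX (forbidden signature database) and query it.

Added example for this digest; not code from the article, Microsoft or ESET.
The DBX is a concatenation of EFI_SIGNATURE_LIST structures (UEFI spec).
"""
import hashlib
import struct
import uuid
from dataclasses import dataclass

# Signature-type GUIDs defined by the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
SIG_TYPE_NAMES = {EFI_CERT_SHA256_GUID: "sha256", EFI_CERT_X509_GUID: "x509"}

# EFI_SIGNATURE_LIST header: SignatureType (GUID, mixed-endian as stored),
# SignatureListSize, SignatureHeaderSize, SignatureSize (all little-endian).
HEADER = struct.Struct("<16sIII")


@dataclass
class SignatureEntry:
    sig_type: uuid.UUID   # which kind of entry (hash or certificate)
    owner: uuid.UUID      # SignatureOwner GUID of the EFI_SIGNATURE_DATA
    data: bytes           # the hash or DER certificate bytes


def parse_signature_database(blob: bytes) -> list[SignatureEntry]:
    """Walk every EFI_SIGNATURE_LIST in `blob` and return all entries."""
    entries: list[SignatureEntry] = []
    offset = 0
    while offset < len(blob):
        if len(blob) - offset < HEADER.size:
            raise ValueError(f"truncated EFI_SIGNATURE_LIST header at offset {offset}")
        raw_type, list_size, hdr_size, sig_size = HEADER.unpack_from(blob, offset)
        sig_type = uuid.UUID(bytes_le=raw_type)
        body_start = offset + HEADER.size + hdr_size
        body_end = offset + list_size
        if list_size < HEADER.size or body_end > len(blob) or body_start > body_end:
            raise ValueError(f"bad list sizes at offset {offset}")
        # Each EFI_SIGNATURE_DATA is a 16-byte owner GUID followed by the payload.
        if sig_size < 16 or (body_end - body_start) % sig_size:
            raise ValueError(f"bad SignatureSize {sig_size} at offset {offset}")
        for pos in range(body_start, body_end, sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            entries.append(SignatureEntry(sig_type, owner, bytes(blob[pos + 16:pos + sig_size])))
        offset = body_end
    return entries


def summarize(entries: list[SignatureEntry]) -> dict[str, int]:
    """Count entries per signature type, e.g. {'sha256': 2, 'x509': 1}."""
    counts: dict[str, int] = {}
    for entry in entries:
        name = SIG_TYPE_NAMES.get(entry.sig_type, str(entry.sig_type))
        counts[name] = counts.get(name, 0) + 1
    return counts


def is_hash_revoked(entries: list[SignatureEntry], sha256_hex: str) -> bool:
    """True if the given PE image (Authenticode) SHA-256 hash is in the DBX."""
    target = bytes.fromhex(sha256_hex)
    return any(e.sig_type == EFI_CERT_SHA256_GUID and e.data == target for e in entries)


def load_dbx(path: str, strip_efivars_attributes: bool = False) -> list[SignatureEntry]:
    """Read a DBX dump from disk; Linux efivars files carry a 4-byte attribute prefix."""
    with open(path, "rb") as fh:
        blob = fh.read()
    return parse_signature_database(blob[4:] if strip_efivars_attributes else blob)


def build_signature_list(sig_type: uuid.UUID, owner: uuid.UUID, payloads: list[bytes]) -> bytes:
    """Build one EFI_SIGNATURE_LIST; used here only to construct sample input."""
    sizes = {len(p) for p in payloads}
    if len(sizes) != 1:
        raise ValueError("all signatures in one list must have the same size")
    sig_size = 16 + sizes.pop()
    body = b"".join(owner.bytes_le + p for p in payloads)
    return HEADER.pack(sig_type.bytes_le, HEADER.size + len(body), 0, sig_size) + body


# Constructed sample DBX (invented owner GUID, hashes and certificate bytes).
SAMPLE_OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
SAMPLE_REVOKED = hashlib.sha256(b"constructed: old boot manager image").digest()
SAMPLE_OTHER = hashlib.sha256(b"constructed: another revoked image").digest()
SAMPLE_FAKE_CERT = b"\x30\x82" + b"\x00" * 30  # not a real certificate
SAMPLE_DBX = (
    build_signature_list(EFI_CERT_SHA256_GUID, SAMPLE_OWNER, [SAMPLE_REVOKED, SAMPLE_OTHER])
    + build_signature_list(EFI_CERT_X509_GUID, SAMPLE_OWNER, [SAMPLE_FAKE_CERT])
)

if __name__ == "__main__":
    dbx = parse_signature_database(SAMPLE_DBX)
    print("entries by type:", summarize(dbx))
    print("sample image revoked:", is_hash_revoked(dbx, SAMPLE_REVOKED.hex()))
```

The parser refuses truncated or inconsistent lists rather than silently returning a partial result, because an incomplete read of the variable would otherwise look like "not revoked". Checking a revocation this way complements, but does not replace, Microsoft's own activation procedure: the hash to look up must be the Authenticode hash of the specific boot manager you care about, which this example does not compute.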

Such a long period for eliminating a rather dangerous vulnerability is quite justified: this concerns not only the bootable Windows images that can be downloaded from the Microsoft website, but also custom media created by corporate IT administrators, as well as backups. Introducing such a patch could immediately disrupt many processes in organizations, including sensitive ones related to data recovery.

What else happened:

Another similar problem without a simple solution: the leak of Intel Boot Guard keys resulting from an attack on MSI is under investigation. In theory, this leak makes it possible to create malicious firmware versions for devices from this manufacturer.

Kaspersky experts discuss recent trends in ransomware development. Predictions for the near future include the expansion of such malware's functionality (for example, self-propagation), as well as the widespread use of vulnerable drivers belonging to legitimate software.

Fortune reports on a curious conflict between Google's voice control system and the Pixies' song "Where Is My Mind?". The word "stop" is pronounced at the beginning of the track. If this song is set as an alarm melody, playback starts and immediately stops, as the smartphone perceives the word "stop" as a voice command from the user.

The Register reports on Google's fight against spam in its own calendar. Google Calendar recently began showing only meeting requests from known contacts, to filter out spam that exploits this feature. Naturally, this seemingly useful innovation immediately broke the compatibility of Google calendars with a number of third-party services that create appointments for users.

Apple has patched the Bluetooth module in its own headphones. The update closes a vulnerability that could theoretically allow an attacker to take control of a wireless device.
