Microsoft Secure Boot Bug

Microsoft is currently patching a zero-day Secure-Boot bug.

The BlackLotus bootkit is the first-known real-world malware that can bypass Secure Boot protections, allowing for the execution of malicious code before your PC begins loading Windows and its many security protections. Secure Boot has been enabled by default for over a decade on most Windows PCs sold by companies like Dell, Lenovo, HP, Acer, and others. PCs running Windows 11 must have it enabled to meet the software’s system requirements.

Microsoft says that the vulnerability can be exploited by an attacker with either physical access to a system or administrator rights on a system. It can affect physical PCs and virtual machines with Secure Boot enabled.

That’s important. This is a nasty vulnerability, but it takes some work to exploit it.

The problem with the patch is that it breaks backwards compatibility: “…once the fixes have been enabled, your PC will no longer be able to boot from older bootable media that doesn’t include the fixes.”

And:

Not wanting to suddenly render any users’ systems unbootable, Microsoft will be rolling the update out in phases over the next few months. The initial version of the patch requires substantial user intervention to enable—you first need to install May’s security updates, then use a five-step process to manually apply and verify a pair of “revocation files” that update your system’s hidden EFI boot partition and your registry. These will make it so that older, vulnerable versions of the bootloader will no longer be trusted by PCs.

A second update will follow in July that won’t enable the patch by default but will make it easier to enable. A third update in “first quarter 2024” will enable the fix by default and render older boot media unbootable on all patched Windows PCs. Microsoft says it is “looking for opportunities to accelerate this schedule,” though it’s unclear what that would entail.

So it’ll be almost a year before this is completely fixed.

Tags: Microsoft, vulnerabilities, zero-day

Posted on May 17, 2023 at 7:01 AM • 17 Comments

Comments

K.S. • May 17, 2023 7:54 AM

I am not convinced that additional security provided by secure boot offers an average user with sufficient value to offset the loss of backwards compatibility. I suspect, without evidence to back it up, that this might be another way Microsoft forcing migration to Windows 11.

The Spied Upon One • May 17, 2023 8:40 AM

Well, “Hello W…, um, Linux”

Peter A. • May 17, 2023 9:06 AM

So if I already have W11 or upgrade to W11 and later get this patch installed forcibly I would never be able to boot a different OS on that computer?

What about new computers bought after the deadline?

Wannabe techguy • May 17, 2023 9:06 AM

@ K.S.-Noo why would they do that? Yeah right. lol

Nick Alcock • May 17, 2023 9:19 AM

Rj: it adds to the secure boot revocation list in flash, which is consulted by the boot ROM. No changes to the boot code are needed — but of course it’s going to break older boot disks etc. (Things run from boot drives that are not written by Microsoft will presumably use other keys, which MS has not revoked — I hope. At least I hope they only revoked the signatures used by their own bootloader and not things like shim that they signed on behalf of other people. From their list of affected media, my hope seems to be borne out. But of course that doesn’t help people using things like Windows emergency boot disks, Windows On-The-Go etc etc.)

Clive Robinson • May 17, 2023 10:21 AM

@ ALL,

Blackloutus has been around for a while, and this Microsoft fix is not exactly going to eliminate it or similar…

We’ve seen Blackloutus bounce back before, and it will be able to again, all be it with more difficulty once this Microsoft “walled garden” has been deployed. The thing is though “more difficult” is very relative thus very rarely an impediment, once the ball has started rolling profitably.

So to @Rj and @K.S. yes it does look like a software,”lockin method”.

But… If you are using an older MS OS,

1, Where are you getting your drivers from with newer hardware?
2, Or new drivers for old hardware?

This tends not to be a problem with Linux and supported hardware (Nvidia is not nor ever likely to be supported due to shall we say “Managment Perspective”).

So it’s not just Microsoft gaining by this, many hardware suppliers will as well… as users find their perfectly functional devices “obsoleted”… Which begs the question as to why the EU has not stuck it’s political hoof in with regards long standing directives to do with “Waste Electrical and Electronic Equipment”(WEEE) and similar legislation?

As @Nick Alcock points out it’s not software that is being changed but the rather questionable storage of a revocation list in the hidden EFI storage[1].

Whilst there are tools around that will enable you to change this storage (hence how Blackloutus can get back) the other way around it is to turn secure-boot off if the manufacturer of the motherboard alows it and the likes of HP tend not to…

The thing is there is no way to have the freedom to do what you want with the hardware you’ve purchased, as well as have “secure boot” enabled for that potentially minimal extra security improvment.

Why “minimal security improvment”? Well remember the Microsoft warning given above of,

“either physical access to a system or administrator rights on a system”

Both of which have happened in the past and will continue to happen again and again well into the future. So if you or someone you know or work for is “a person of interest” then Secure-boot won’t be secure for you at all…

Remember all this nonsense has come about due to major Silicon Valley Corps and various factions in the Entertainment industry.

Google and Apple moved the nonsense forward with their “walled gardens” that do not give a user security or stability, and denys them much they might find usefull, but it does give both Google and Apple a nice slice of a developers income (much like the games machine industry).

So this is just another step in pushing users down a road into a nasty trap… For instance ask an average user to update/install MS Win11 without being forced online and having to set up a Microsoft On-line account…

Welcome to the world of rent seeking, tithing and having no ownership rights…

It’s one of the reasons I’ve no systems with such nonsense on them and I won’t be buying one. There are alternatives but they are growing less by the day for the average user.

[1] Ever since the “Fritz Chip” and DRM pushed by the likes of Disney and other Entertainment IP holders there have been fairly public questions hanging over “signed boot code” and who owns the signing keys… Less public is what’s in the chip already? That is if you have a Chinese Chip Motherboard, do you know if there has been a “Supply Chain Attack” and an extra more hidden set of signing keys hidden away?..

Nick Alcock • May 17, 2023 10:45 AM

@CliveRobinson, I’m not sure it’s “questionable” to have a list of known-broken bootloaders whose keys have been leaked or which are known insecure — the whole shebang is useless otherwise or an attacker could just use a downgrade attack as soon as any bootloader, ever, is found to be insecure. Secure boot without attestation has nothing to do with DRM, and is not anticonsumer as long as the consumer is given the right to add new keys: its purpose is preventing things being booted which the user is not expecting to be booted, that’s all, and preventing the booting of compromised OSes (which were uncompromised when they were installed, i.e. they’ve been modified, almost certainly by malware).

Secure boot with no ability to add keys is obviously toxic as hell, as is remote attestation (since it allows remote systems to refuse to deal with you if you dare to take control of your own machine) — but the basic idea of secure/measured boot seems fine and actually does what it says it does.

Mexaly • May 17, 2023 10:51 AM

Hardware is fragmenting anyway.
You have more viable options than before.
If uSoft wants to drag Intel down with it,
Intel may very well just go along.
There’s a new King of the Mountain anyway.

JonKnowsNothing • May 17, 2023 12:58 PM

@All

re: Circular Firing Line

A few predictions ymmv

1) This will never see the light of day in the current format

2) Anyone attempting to deal with the roll out of this auto-magic fix, will be wanting to retire about 4 weeks before release date

3) Anyone left after the release date will be filing for disability, retirement, FMLA (family leave) within 24 hours

4) Anyone unable to get disability, will set their inbound call and message filters to go link dead for all calls with corporate prefix and all customer phone connections

5) Better yet, just perma disconnect by dropping corporate phone in the pool or jacuzzi and use a burner phone to contact a job recruiter touting: “Experience with M$ code roll back” , for 20x current salary level

6) M$ will be getting plenty of heat once they brick an important archive, backup system or restore device. Especially if it belongs to the 3L crowd. (see Cheyenne Mountain Complex, Colorado)

7) Every government organization below the Federal level will implode. Their systems are antique, they have no IT.

8) The Federal Reserve, US Banking system, SWIFT will have One More Reason to fail: Up or Down

9) Every health care system in the USA (maybe global) will implode. Next EKG or Auto-Lab Blood Panel report will be Not Soon and History Look-Backs might be shorter than expected

10) For every device impacted, expect 5x 10x 100x increase in electronic waste landfill yardage

11) No M$ programmer will ever want to put this project on their resume, unless they plan to go on the Talk Circuit.

12) Congressional Committee meeting #1,000,000,000: How M$ Brought Down The Internet and Why Didn’t We Know? will not happen in my life time.

Clive Robinson • May 17, 2023 2:57 PM

@ Nick Alcock,

“I’m not sure it’s “questionable” to have a list of known-broken bootloaders whose keys have been leaked or which are known insecure”

If and only if that is all, and it’s fully auditable as such… And it meets your requirment of,

“as long as the consumer is given the right to add new keys”

And,

“Remove / replace,keys they don’t want on their system”

For all types of key.

As @Winter noted the other day corporates are required to behave like psychopaths by legislation, regulation, and their shareholders. Thus the directors and executives have to be or behave as psychopaths in turn.

Such people have no mores, morals and ethics, as far as society is concerned. We’ve already seen this from the comments of Microsoft’s Chief economist Michael Schwarz at the World Economic Forum meeting the other day,

https://arstechnica.com/tech-policy/2023/05/meaningful-harm-from-ai-necessary-before-regulation-says-microsoft-exec/

OK he was talking about a harm not yet having happened from AI, but feel through the attitude that says,

1, Microsoft and other Silicon Valley “big boy” Mega Corps can do what they like, free of regulation and legislation.

2, Other “little guys” must be subject to regulation and legislation immediately so they have a stifling burden to carry and basically be unable to compeate with the “Big Boy” Mega Corps.

3, Legislation and regulation for the likes of Microsoft, Meta-Facebook, Alphabet-Google, must not happen untill very significant harms to society have already happened.

Now ask yourself why a number of motherboard vendors have taken away control of secure-boot from users, as have certain commercial software houses…

Maybe you are more optomistic about Silicon Valley Mega-Corps than I am, but my experience from fourty years of dealing with Microsoft starting of with 8bit CPU hatdware is,

“Don’t trust them a millimeter let alone an inch…”

And I can see I’m not the only one.

bcs • May 17, 2023 2:59 PM

The ability to update the revocations seems like an opportunity for a saboteur to brick a system.

Xavier N. • May 17, 2023 7:51 PM

Re: “render older boot media unbootable on all patched Windows PCs”

This gives me the feeling that there’s something wrong with the design. Switching boot media is generally a rare occurence, which means user interaction should not be a major concern. So, why wouldn’t one just need to confirm, via physical presence, the installation of each new bootloader key (or the booting of removable media)? An exception could perhaps be made for a new key signed by the old one, to allow the one-way upgrading of each installation. The firmware could keep track of which keys are allowed for each partition UUID and media serial number, so as not to break other operating system installations.

The style of revocation being proposed makes sense as a defense-in-depth measure, to guard against old removable media that might contain malware (of course, the hashes of known-good firmware could be excepted—any sane person will run a software update right after installation anyway). It shouldn’t be necessary for basic security on existing installations, and there should be a quicker option.

I think Bruce’s statement that “it takes some work to exploit” is overly optimistic. The exploit requires “either physical access to a system or administrator rights”, which is to say it only requires administrator rights. That’s a thing that attackers manage frequently enough.

Jakub Skalicky • May 18, 2023 10:28 AM

The phased and long-term rollout of the fix is not unusual for Microsoft, the same applied for DCOM authentication over two years (fix available, fix enabled by default, but possible to turn it off, fix enforced).

JonKnowsNothing • May 18, 2023 2:52 PM

@Jakub Skalicky

re: Fix Status: none, few, some, none

It would behoove M$ to make sure any auto-magic fixes heading to US Banking and the Federal Reserve are set to NEVER.

It also means a continuation of the (STATE: few, some, none) that exists with all upgrades. There is a tail to the bell curve and not all of it is due to (fill in the blank)-users. Continuity is fragile and only as good as the memory of the people directly involved; proportional to Boss’s Orders.

RL anecdote; tl:dr

A commercial institution, trading on the stock exchanges, was required to file all their quarterly reports via a special portal, using a special version of markup-markdown language. The software came in a box, with many dire warnings.

Things went well, until the Boss’s Orders decided the person doing the submission did not need the PC. Dutifully, another member of staff grabbed it (see: games downloading).

No one could countermand the Boss’s Orders, until it was pointed out that

a) Their quarterly filing was going to be NIL resulting in serious financial penalties for missing the filing date

b) The dire warning clause was there for a reason; did they really want to test it out?

vas pup • May 18, 2023 7:46 PM

IBM buys Israeli cybertech startup to automate cloud data protection management

https://www.timesofisrael.com/ibm-buys-israeli-cyber-startup-to-automate-cloud-data-protection-management/

“US tech giant IBM has acquired Israeli cyber startup Polar Security, a developer of an automated data security platform to track and protect sensitive data across hybrid cloud-based systems.

!!!=>The Tel Aviv-based startup has built a so-called data security posture management (DSPM) platform, an emerging cybersecurity technology that tracks where sensitive data
is stored, who has access to it, and how it’s used, and detects potential data vulnerabilities and compliance violations. It creates reports with the most pressing security risks and compliance violations and provides an analysis of the underlying
causes and practical recommendations to address them.

“The integration of Polar Security’s technology into IBM’s cybersecurity solutions adds an important layer of observability onto corporate data – the fuel that drives the digital economy – and empowers the ways to protect it wherever it resides,” said IBM Israel manager Shai Banaim. “IBM’s advanced technology and security solutions currently protect the corporate information of thousands of companies, including some of the global leaders in finance, industry, infrastructure, transportation and energy – and shape the next generation of cybersecurity.”

“While companies are moving extensive amounts of their data to the public cloud and SaaS applications, they lack visibility of where their sensitive data is, who can access the data, and where that data is going,” said Shanny. “A lethal combination that
makes it very difficult to prevent data exposure and compliance violations.”

Devil’s Advocate • May 19, 2023 6:40 AM

And yet, despite all the ‘wise’ words here, the impact they will have on this issue will be minimal or none

Matt M • May 19, 2023 10:10 PM

This is a serious vulnerability in secure boot. But, this needs to be taken in the wider context that secure boot isn’t really that useful to ordinary consumers anyway. Maybe secure boot might be useful for something like the firmware on a guided missile (don’t want somebody to load alternative software on a guided missile, lol), but for consumer devices… It’s a solution looking for a problem. Secure boot is turned off on my machine anyway. Yes, secure boot can mitigate an “Evil Maid Attack”, but it won’t do any good against an attacker that is willing to spend $45 on one of these.

https://www.keelog.com/usb-keylogger/

Microsoft Secure Boot Bug

Comments

Leave a comment Cancel reply