AT2k Design BBS Message Area
Casually read the BBS message area using an easy to use interface. Messages are categorized exactly like they are on the BBS. You may post new messages or reply to existing messages!

You are not logged in. Login here for full access privileges.

Previous Message | Next Message | Back to Computer Support/Help/Discussion...  <--  <--- Return to Home Page
   Networked Database  Computer Support/Help/Discussion...   [831 / 1624] RSS
 From   To   Subject   Date/Time 
Message   digimaus    August Abolins   Re: Unpatchable UEFI bootkit bypasses Secure Boot   March 6, 2023
 4:58 PM *  

-=> August Abolins wrote to All <=-

 AA> While researchers have found Secure Boot vulnerabilities in the past,
 AA> there has been no indication that threat actors have ever been able to
 AA> bypass the protection in the 12 years it has been in existence. Until
 AA> now.

Yet Microsoft patched the issue but, as Microsoft is known to do, half-assed
its response:

"BlackLotus exploits a more than one-year-old vulnerability, CVE-2022-21894,
to bypass the secure boot process and establish persistence.  Microsoft
fixed this CVE in January 2022, but miscreants can still exploit it because
the affected signed binaries have not been added to the UEFI revocation
list, Smolar noted."

"Making it even more difficult to detect: BlackLotus can disable several OS
security tools including BitLocker, Hypervisor-protected Code Integrity
(HVCI) and Windows Defender, and bypass User Account Control (UAC),
according to the security shop."

(From: https://www.theregister.com/2023/03/01/blackl...

Glad I don't run Windows anymore.

-- Sean


... "Software is like sex, it's better when it's free" - Linux Torvalds
--- MMail/FreeBSD
 * Origin: Outpost BBS * Johnson City, TN (618:618/1)
  Show ANSI Codes | Hide BBCodes | Show Color Codes | Hide Encoding | Hide HTML Tags | Show Routing
Previous Message | Next Message | Back to Computer Support/Help/Discussion...  <--  <--- Return to Home Page

VADV-PHP
Execution Time: 0.015 seconds

If you experience any problems with this website or need help, contact the webmaster.
VADV-PHP Copyright © 2002-2024 Steve Winn, Aspect Technologies. All Rights Reserved.
Virtual Advanced Copyright © 1995-1997 Roland De Graaf.
v2.1.241108