Bootkit zero-day fix – is this Microsoft’s most cautious patch ever?

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Microsoft’s May 2023 Patch Tuesday updates comprise just the sort of mixture you probably expected.

If you go by numbers, there are 38 vulnerabilities, of which seven are considered critical: six in Windows itself, and one in SharePoint.

Apparently, three of the 38 holes are zero-days, because they’re already publicly known, and at least one of them has already been actively exploited by cybercriminals.

Unfortunately, those criminals seem to include the notorious Black Lotus ransomware gang, so it’s good to see a patch delivered for this in-the-wild security hole, dubbed CVE-2023-24932: Secure Boot Security Feature Bypass Vulnerability.

However, although you’ll get the patch if you perform a full Patch Tuesday download and let the update complete…

…it won’t automatically be applied.

To activate the necessary security fixes, you’ll need to read and absorb a 500-word post entitled Guidance related to Secure Boot Manager changes associated with CVE-2023-24932.

Then, you’ll need to work through an instructional reference that runs to nearly 3000 words.

That one is called KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932.
 

vtqhtr413

Level 26
Verified
Top Poster
Well-known
Aug 17, 2017
1,449
I received an automatic update this morning from MS, "Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.389.883.0)",
and one from Dell, which updated the BIOS. I wonder if it was related to this original post?
 

Trident

Level 27
Verified
Top Poster
Well-known
Feb 7, 2023
1,629
I checked and the BIOS was released in April, but it was automatically installed by Windows this morning. I also checked the Defender update and it had a changelog a mile long, almost all of which were critical.
If it was the same version you see on the website that got installed, then no, it is not related to the bootkit situation. If it is newer, then Dell has not updated their website yet.

This update fixed quite a lot of CVEs.
 

WhiteMouse

Level 5
Verified
Well-known
Apr 19, 2017
234
I haven't tested this patch, so take this post with a grain of salt. Once enabled, the patch will add "SKUSiPolicy.p7b" to the EFI partition. This is a Microsoft-signed WDAC policy, so you can't simply reinstall Windows using media with a version older than 22601.1702, or restore an image created before the policy was applied, because it doesn't have "SKUSiPolicy.p7b" in the EFI partition. Doing so will leave Windows unable to load. In case you want to restore an image created before the policy was applied, disable Secure Boot first, and re-enable it after the restore process is completed.
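A quick way to tell whether a machine is in the state WhiteMouse describes, before restoring an older image or reinstalling from older media, is to check Secure Boot and look for the policy file on the EFI System Partition. The script below is an added example, not code from the thread or from Microsoft; it assumes the drive letter S: is free and that the policy lives under EFI\Microsoft\Boot on the ESP (the post only says "EFI partition", so that subfolder is an assumption). Run it from an elevated PowerShell on a UEFI system.

```powershell
# Added example (not from the thread or Microsoft): report Secure Boot state and
# whether the CVE-2023-24932 mitigation policy file is present on the ESP.
#Requires -RunAsAdministrator

function Get-BootkitMitigationStatus {
    # Secure Boot state. Confirm-SecureBootUEFI throws on legacy BIOS machines,
    # so treat an exception as "not applicable".
    try {
        $secureBoot = Confirm-SecureBootUEFI
    } catch {
        $secureBoot = $null
    }

    # Mount the EFI System Partition on a free drive letter (assumption: S: is free).
    $espLetter = 'S:'
    mountvol $espLetter /S | Out-Null

    try {
        # Assumed location of the Microsoft-signed WDAC policy the post refers to.
        $policyPath    = Join-Path $espLetter 'EFI\Microsoft\Boot\SKUSiPolicy.p7b'
        $policyPresent = Test-Path -LiteralPath $policyPath
    } finally {
        # Always unmount the ESP again, even if Test-Path fails.
        mountvol $espLetter /D | Out-Null
    }

    # Advice string mirrors the restore caveat from the post above.
    $note = if ($policyPresent) {
        'Mitigation policy present: disable Secure Boot before restoring a pre-mitigation image, then re-enable it.'
    } else {
        'Mitigation policy not present: images and media from before the change should still boot.'
    }

    [pscustomobject]@{
        SecureBootEnabled  = $secureBoot
        SKUSiPolicyPresent = $policyPresent
        PolicyPath         = $policyPath
        Note               = $note
    }
}

Get-BootkitMitigationStatus
```

The script only reads state; toggling Secure Boot itself happens in the firmware setup, not from Windows, which is why the note tells you what to do rather than doing it. If `SecureBootEnabled` comes back empty, the machine booted in legacy BIOS mode and the revocation does not apply to it.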
 

Trident

Level 27
Verified
Top Poster
Well-known
Feb 7, 2023
1,629
and they're busy adding useless features
How dare you!
All of the Microsoft features are necessities created to solve serious problems and provide high value.

Well, to be honest, compared to literally everything else Microsoft has ever done, Secure Boot remained true to its name for quite some time. Unfortunately, if bypasses of it become more common and it always takes forever to get a fix, it will be just as secure as many other Microsoft implementations (as a simple example, the "topical" Mimikatz patches that never worked).
 

Captain Holly

Level 5
Verified
Well-known
Jan 23, 2021
227
I have been watching this thread and other sites too about this bootkit problem. I have been reluctant to say anything about it, and there is a lot about it that I will never understand. The main thing I do understand is this is MS' way of fixing this problem, it will take a long time and seems that when it is over if it goes the way MS has planned, there could be a lot of bricked computers out there and/or possibly the boot fix may not even work at all. I don't know what to think about all of that. It just seems to me that MS has really been going down the wrong path for a long time.

This is not meant to disparage MS or anyone who uses Windows but just for myself, personally I am ready now to make a permanent switch to Linux. I am pretty tired of MS/Windows problems and complications. For the last two months I have been using Windows less and less while learning Linux Mint. Mint may not be 100% perfect either but for my use it has been very solid and reliable. I did have a couple of minor problems with it but they were my own fault and not due to anything wrong with the OS itself. I will still use my Windows 10 laptop from time to time and keep it updated but right now I really feel like I am beyond done with MS and Windows 11.

C.H.
 

Captain Holly

Level 5
Verified
Well-known
Jan 23, 2021
227
I said my goodbyes to Windows 11 earlier today, reinstalled Mint and let it remove Windows. The more I use Linux the more I feel I made the absolute right decision. The default Firefox on Mint is fast, light, it feels very snappy and the OS just continues to be very reliable and easy to use. I don't see myself going back to Windows 11 anytime soon.

C.H.
 

Trident

Level 27
Verified
Top Poster
Well-known
Feb 7, 2023
1,629
I said my goodbyes to Windows 11 earlier today, reinstalled Mint and let it remove Windows. The more I use Linux the more I feel I made the absolute right decision. The default Firefox on Mint is fast, light, it feels very snappy and the OS just continues to be very reliable and easy to use. I don't see myself going back to Windows 11 anytime soon.

C.H.
I personally find Cinnamon, MATE and Xfce environments repulsive due to the Windows similarity. Gnome 44 is very refreshing and Ubuntu is now more secure. Ubuntu and Debian are my favs.
 

Captain Holly

Level 5
Verified
Well-known
Jan 23, 2021
227
About a month ago I tried Ubuntu and Zorin to compare them to Mint. Zorin is beautiful but I just could not get the hang of it or Ubuntu. I might try either one again some time in the future but for now I just want to keep using Mint and learning as much as I can about Linux itself.

C.H.
 
