>==================================================================<
** Original area : "/grc/securitynow"
** Original message from :
PHolder+NNTP@gmail.com (Paul Holder)
** Original message to :
** Original date/time : 06 Mar 23, 12:48
>==================================================================<
https://arstechnica.com/information-technology/2023/03/unkillable-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw/
Researchers on Wednesday announced a major cybersecurity find--the
world's first-known instance of real-world malware that can hijack a
computer's boot process even when Secure Boot and other advanced
protections are enabled and running on fully updated versions of
Windows.
Dubbed BlackLotus, the malware is what's known as a UEFI bootkit. These
sophisticated pieces of malware infect the UEFI--short for Unified
Extensible Firmware Interface--the low-level and complex chain of
firmware responsible for booting up virtually every modern computer. As
the mechanism that bridges a PC's device firmware with its operating
system, the UEFI is an OS in its own right. It's located in an
SPI-connected flash storage chip soldered onto the computer
motherboard, making it difficult to inspect or patch.
...
While researchers have found Secure Boot vulnerabilities in the past,
there has been no indication that threat actors have ever been able to
bypass the protection in the 12 years it has been in existence. Until
now.
...
--- OpenXP 5.0.57
* Origin: (618:500/23.10)