BlackLotus UEFI Bootkit Patching & Mitigations

Learn how to protect your enterprise from the BlackLotus UEFI Bootkit with Microsoft’s latest deployment guidance and secure boot mitigation strategies. In this in-depth technical discussion, cybersecurity experts break down Microsoft’s February 2025 enterprise deployment guidance for mitigating the BlackLotus UEFI Bootkit (CVE-2023-24932). We cover the critical certificate updates, potentially irreversible changes to secure boot configurations, and why Microsoft isn’t automatically rolling this out to enterprises.

TRANSCRIPT

Chase Snyder (00:00)
Wes, I was glad you mentioned BlackLotus a minute ago, because I feel there's a related topic we talked about a little bit with this Windows 11 update. Or not related, but sort of a similar situation. Okay, I guess, background: BlackLotus was a UEFI bootkit tracked as CVE-2023-24932. So a UEFI bootkit from a couple years ago that made a pretty big splash.

I think at the time it was a very serious, serious issue. And I started looking into it recently, for some reason, and realized that Microsoft has published enterprise deployment guidance for the BlackLotus UEFI bootkit this year. In February of 2025, they published this enterprise deployment guidance. And it basically says, we're not going to roll this out to enterprises ourselves. We're just publishing this guidance so you can control your deployment plan and your timing of deployments.

And it specifically references that, because there is a huge combination of device hardware and firmware and Microsoft is unable to test all of those combinations, you need to test the representative devices in your environment before deploying them broadly. Doing the mitigation means that you need to add the new Windows UEFI CA 2023 certificate and untrust the Microsoft Windows Production PCA 2011 certificate, and it's essentially going to be an irreversible change. Once you do that, you can't go back and still use Secure Boot.

And I've been seeing discussion online, on Reddit and Spiceworks and stuff, that references an enforcement period that Microsoft is maybe gonna have, but they haven't put a date on it yet, where essentially if you haven't deployed these BlackLotus mitigations yet, something bad happens. I don't know, your devices get bricked. They blanket revoke the 2011 cert, and then anybody that still has that is S.O.L.

Paul Asadoorian (02:08)
I still think it's recoverable. What I think I'm hearing is that you need to swap out your KEK, or your key exchange key.

Speaker 2 (02:16)
Yeah, I mean that's effectively exactly

Speaker 3 (02:20)
Yeah, that's part of your chain of trust for Secure Boot, right? You've got your PK, your platform key, you've got your key exchange key, and then you've got two variables: your DB, which is the allow list, and then you've got your DBX, which is your revocation list. And all of that comes into play when there's a piece of software that's involved in booting your computer that has a vulnerability and has to be revoked, right? Or, I don't know why they're swapping out the KEK and not using the DB. That's interesting, but there was a reason for that. I feel like Microsoft explained it. Do you remember what that was? I think it was expired. Was it their certificate expiring? I think that's what it was.

Wes (02:55)
Well, I mean, there's a difference.

Chase (03:00)
Yeah.

Wes (03:00)
It's one, the certificate's expiring, and two, maneuvering towards the opportunity to add more things to DBX. So, correct. And part of the reasoning behind that is that there's now so many flavors of BlackLotus that the DBX is getting rather large.

Paul (03:11)
Ask to do SBAT.

Wes (03:24)
You know, at this point, their typical next step is to revoke the key that they're using above. And when you get to the point where they're at, where they need to revoke, you're now revoking legitimate bootloaders and boot components, which is going to cause a lot of systems to be bricked. Now, I mean, to your point, yeah, is it recoverable? Sure. Is it recoverable by the common person? Absolutely not.

Paul:
No, because if you bork it good enough, that's a technical term. You have to go into your UEFI BIOS and manipulate the keys through the BIOS menu. That's how I would, my first thing would be, how to recover it.

Wes (04:00)
You know what I would tell anybody affected by that? Reinstall. That's the only thing that's going to really fix it for you.

Paul (04:06)
Well, would it though? Would reinstallation update your keys?

Wes (04:12)
Yeah, it would attempt to go in and re-add.

Paul (04:16)
Yeah, I gotcha. It'll re-add the key. Right, because the key exchange key signs the DB and the DBX, because it's a root of trust. It's safeguarding those allow lists and deny lists on your system, which are all stored as UEFI variables, right? They're just data in a variable that's stored on the SPI flash on your computer in UEFI. But there's protections, obviously, around those.

But there's also facilities to update them, like when we talk about updating them from your operating system. So those variables can be manipulated. There's not a boot service. Not a boot services variable. Those can't be modified once the operating system is loaded. It's a, what do they call the ones that can be modified, Wes? I forget the term. I don't know, services, user service. There's another name for that type of variable.

Yeah, so Chase, this is why people have a lot of questions, because it's... Wes and I have been doing this for a long time and have studied it, and you know our product is centered around this stuff. But if you haven't done Secure Boot, updated all this stuff, it can be very confusing. It's very confusing, to be quite honest.

Wes (05:28)
Well, you know, part of this is a bit of, I'll call it a chicken and egg problem. So what do you revoke? And, you know, do you end up revoking the things like BlackLotus, for example, or do you revoke the key that is signing all the things that, you know, BlackLotus is using? A few years back now, we actually found another major manufacturer that was including a utility that was, we'll say, less than secure in the boot process. It was one of those things where it was found to be, effectively, think of it like a backdoor that was added in, that was easily susceptible to doing nefarious things within the operating system through this utility. But what ended up happening is you had this deployed on, you know, let's just say thousands of copies of firmware that existed out there for various models. And the question is, do you revoke each one of those and fill DBX, or do you revoke the key that's also been used for legitimate things?

And then now end up bricking a whole bunch of devices out there. Or do you go the route that Chase is mentioning, where you have a set long duration where you're going to go and do this, and you're going to do things more securely, but you have a period that you work up towards. Hopefully by that time they've upgraded to Windows 11, they've installed Windows updates, which has stepped them forward in this process.

There's still going to be that point where you've got to flip that switch, and there's going to be that small percentage that's affected. And, you know, these are also probably the same types of folks that are, you know, either not using Secure Boot or not prepared for Windows upgrades. And, you know, all of this comes together to, if you're doing things right, you're probably going to have an easy job. If you're not doing things right, you're in a world of pain that you just don't even know about just yet.

Paul (07:33)
Yeah, and our latest rounds of enhancements will help you with this, in that I've worked with research and engineering on many of these features, and some of them are specific to Secure Boot, in that our product will now tell you, hey, you've got a bootloader, let's say, that is in a DBX update revocation list which you haven't applied. Right. That's something you want to know about.

Whereas maybe previously we would have said, well, your DBX is out of date, which is enough. But then it's kind of, you're on your own to go, well, what bootloaders do I have? And will that update invalidate my bootloader, which means the system's not going to boot with Secure Boot? Secure Boot is going to stop it. So there's all these interesting scenarios that we've enhanced to tell you, to give you some more of this telemetry, because it is complex. And there's just a lot of different scenarios that you should be aware of, and some could be suspicious. Some are like, hey, you've got an EFI shell in your boot order. Like, that's suspicious, right? Or, you know, you're running Windows, it's not dual boot, and one of your bootloaders is GRUB. It's a Linux bootloader. Why is that there? That in and of itself is suspicious. Could be completely legitimate, but more than likely suspicious. But, you know, going back to the upgrade, this is a great reason.

If your hardware is older and needs to be refreshed, sometimes it might be easy to just put in new hardware. Got a brand new system. All the keys are there. Windows 11 is installed and you're off to the races. Resource-wise, in a lot of cases, it just could be better. Just issue new hardware.