Microsoft fixes Secure Boot bug allowing Windows rootkit installation – BleepingComputer

Microsoft fixes Secure Boot bug allowing Windows rootkit installation – BleepingComputer

Microsoft fixes Secure Boot bug allowing rootkit installation

Microsoft has fixed a security feature bypass vulnerability in Secure Boot that allows attackers to compromise the operating system’s booting process even when Secure Boot is enabled.

Secure Boot blocks untrusted operating systems bootloaders on computers with Unified Extensible Firmware Interface (UEFI) firmware and a Trusted Platform Module (TPM) chip to help prevent rootkits from loading during the OS startup process.

Rootkits can be used by threat actors to inject malicious code into a computer’s UEFI firmware, to replace the operating system’s bootloader, to replace parts of the Windows kernel, or camouflage maliciously crafted drivers are legitimate Windows drivers.

The security feature bypass flaw, tracked as CVE-2020-0689, has a publicly available exploit code that works during most exploitation attempts which require running a specially crafted application.

“An attacker who successfully exploited the vulnerability might bypass secure boot and load untrusted software,” Microsoft explains.

Affected Windows versions include multiple Windows 10 releases (from v1607 to v1909), Windows 8.1, Windows Server 2012 R2, and Windows Server 2012.

How to install the security update

To block untrusted or known vulnerable third-party bootloaders when Secure Boot is toggled on, Windows devices with UEFI firmware use the Secure Boot Forbidden Signature Database (DBX).

The KB4535680 security update released by Microsoft as part of the January 2021 Patch Tuesday addresses the vulnerability by blocking known vulnerable third-party UEFI modules (bootloaders) to the DBX.

Users have to install this
Source…