IMPORTANT All customers should apply the July 11, 2023 Windows security updates. This article applies to customers who should take additional steps to implement security mitigations for a publicly disclosed Secure Boot bypass leveraged by the BlackLotus UEFI bootkit which requires physical or administrative access to the device.
CAUTION Once the mitigation for this issue is enabled on a device, meaning the revocations have been applied, it cannot be reverted if you continue to use Secure Boot on that device. Even reformatting of the disk will not remove the revocations if they have already been applied. Please be aware of all the possible implications and test thoroughly before applying the revocations that are outlined in this article to your device.
Summary
This article describes the protection against the publicly disclosed Secure Boot security feature bypass by using the BlackLotus UEFI bootkit tracked by CVE-2023-24932, how to enable the protections, and guidance to update bootable media. A bootkit is a malicious program that is designed to load as early as possible in a device's boot sequence to control the operating system start.
Secure Boot is recommended by Microsoft to make a safe and trusted path from the Unified Extensible Firmware Interface (UEFI) through the Windows kernel's Trusted Boot sequence. Secure Boot helps prevent bootkit malware in the boot sequence. Disabling Secure Boot puts a device at risk of being infected by bootkit malware. Fixing the Secure Boot bypass described in CVE-2023-24932 requires revoking boot managers. This could cause issues for some devices' boot configurations.
Protections for the Secure Boot bypass are included in the Windows security updates that were released on or after May 9, 2023; however, these protections are not enabled by default. The Windows security updates that were released on or after July 11, 2023 added simplified configuration options to manually enable the protections for the Secure Boot bypass. A second set of protections will be available in the first half of 2024. Enforcement of these protections will be six months after the second set of protections is released.
Before you enable these protections, you should review closely the details in this article and determine whether you need to enable the protections or wait for a future update from Microsoft. If you choose to enable the protections manually, you must verify your devices and all bootable media are updated and ready for this security hardening change. The second set of protections coming in the first half of 2024 will also require updates to offline media. Customers who use Microsoft cloud-based solutions should follow the guidance in Updating Bootable Media/Azure Cloud.
Take Action
Important Steps must be done in the following order and each step must be completed before moving to the next step. Bootable media will fail to start if all steps are not completed in order. If you previously completed these steps by using the Windows security update released on or after May 9, 2023, you do not need to repeat this procedure.
Scope of Impact
All Windows devices with Secure Boot protections enabled are affected by this issue, both on-premises physical devices and some virtual machines (VMs) or cloud-based devices. Protections are available for supported versions of Windows. For the full list, please see CVE-2023-24932.
Linux systems that rely on Secure Boot may also be affected by this issue. Microsoft has been coordinating with representatives from major Linux distributions to make the fix available for their operating systems. You must contact support for your Linux distribution for guidance on mitigating this issue for your Linux devices.
Cloud Services
Per the Shared Responsibility model, Microsoft is installing these Secure Boot updates for all software as a service (SaaS) and platform as a service (PaaS) by using Safe Deployment Practices. For Windows Infrastructure as a service (IaaS) based services which run on Azure with Secure Boot enabled (Trusted Launch VM or Confidential VM), you must follow the same steps for on-premises Windows devices.
Understanding the risk
For the BlackLotus UEFI bootkit exploit described in this article to be possible, an attacker must gain administrative privileges on a device or gain physical access to the device. This can be done by accessing the device physically or remotely, such as by using a hypervisor to access VMs/cloud. An attacker will commonly use this vulnerability to continue controlling a device that they can already access and possibly manipulate. Mitigations in this article are preventive and not corrective. If your device is already compromised, contact your security provider for help.
If you use Secure Boot and incorrectly perform the steps in this article, you might be unable to start or recover your device from media. This can prevent you from using recovery media, such as discs or external drives, or network boot recovery, if the media has not been correctly updated.
Avoiding issues with your Bootable Media
Because of the security changes that are required for CVE-2023-24932 and described in this article, revocations must be applied to supported Windows devices. After these revocations are applied, the devices will intentionally become unable to start by using recovery or installation media, unless this media has been updated with the security updates released on or after May 9, 2023. This includes both bootable media, such as discs, external drives, network boot recovery, and restore images.
IMPORTANT You must update your bootable media by using the instructions in "Step 2: UPDATE" before enabling the revocations in "Step 3: ENABLE" in the "Deployment Guidelines" section.
Deployment guidelines
To deploy updates and apply revocations, follow these steps.
1. INSTALL
   IMPORTANT Make sure to restart the device to complete the installation of the update before proceeding to Step 2 and Step 3.
   NOTE SafeOS Dynamic Updates are now available to update WinRE partitions.
2. UPDATE bootable media
   See the "Updating bootable media" section.
3. ENABLE the revocations
   CAUTION After the revocations are enabled, bootable media that is not updated will no longer work as expected. Do not proceed with "Step 3: ENABLE" until you have updated your bootable media in "Step 2: UPDATE".
   a. Enable the Secure Boot UEFI Forbidden List (DBX) and the Code Integrity Boot Policy by running the following command:
      reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x30 /f
   b. Restart the device. After setting the registry key in Step a, you must restart the device to enable the revocation protections.
   c. Wait at least 5 minutes and then restart the device again. IMPORTANT An additional restart is required to fully initialize the revocation protections.
   d. Verify that the installation and revocation list were successfully applied. See the "Windows Event log errors related to CVE-2023-24932" section for how to verify that they were applied successfully.
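Steps 3a to 3c as one script, added here as an example and not taken from the KB article. It writes the same AvailableUpdates value that the reg add command above sets, but first refuses to proceed unless Secure Boot is on and the SKUSiPolicy.p7b file that ships with the May 9, 2023 or later update is present, and it prompts for confirmation because the change cannot be reverted. The function name and the pre-checks are this example's own choices; the registry path, value name and value come from the article.

```powershell
# Added example (not from the KB article). Run from an elevated PowerShell session
# after Steps 1 (INSTALL) and 2 (UPDATE bootable media) are complete. The registry
# path, value name and the value 0x30 are those given in the article; the function
# name and the pre-checks are this example's own.
function Enable-SecureBootRevocations {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param()

    $regPath    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Secureboot'
    $policyFile = Join-Path $env:SystemRoot 'System32\SecureBootUpdates\SKUSiPolicy.p7b'

    # Pre-check 1: the revocations only apply when Secure Boot is enabled.
    # Confirm-SecureBootUEFI throws on legacy BIOS systems, so treat that as "off".
    try { $secureBoot = Confirm-SecureBootUEFI } catch { $secureBoot = $false }
    if (-not $secureBoot) {
        throw 'Secure Boot is not enabled on this device; the revocations do not apply here.'
    }

    # Pre-check 2: the revocation policy file is installed by the May 9, 2023 or later
    # update. If it is missing, Step 1 has not been completed and the boot manager would
    # have nothing to load after the restart.
    if (-not (Test-Path $policyFile)) {
        throw "$policyFile not found. Install the May 9, 2023 or later update and restart first."
    }

    # The change is permanent once applied, so ShouldProcess prompts before writing.
    if ($PSCmdlet.ShouldProcess($regPath, 'Set AvailableUpdates = 0x30 (DBX + Code Integrity Boot Policy revocations)')) {
        # Same effect as: reg add HKLM\...\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x30 /f
        New-ItemProperty -Path $regPath -Name 'AvailableUpdates' -PropertyType DWord -Value 0x30 -Force | Out-Null
        $value = (Get-ItemProperty -Path $regPath -Name 'AvailableUpdates').AvailableUpdates
        Write-Host ('AvailableUpdates is now 0x{0:X}.' -f $value)
        Write-Host 'Restart the device now (Step b), wait at least 5 minutes after it comes back, then restart again (Step c).'
    }
}

Enable-SecureBootRevocations
```

Running the script with -WhatIf on the function call shows what would be written without touching the registry; the two restarts in Steps b and c are still done by hand so that the wait between them is not skipped.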
Updating bootable media
Updating bootable media is important to make sure that the new boot manager and other supporting files are installed to allow for starting the device after the mitigations are applied. Ideally, the bootable media should be updated before applying the revocations on your device.
Important Do NOT enable the updated SKUSIPolicy.p7b file (containing the revocations) on your bootable media (ISO, USB, DVD, and so on). The SKUSIPolicy.p7b file from updates released on or after May 9, 2023 should only be enabled on your Windows devices.
Examples of bootable media and recovery media impacted by this issue
- Bootable media created by using Create a recovery drive.
  NOTE The "Create a recovery drive" functionality is not supported in the updates released on or after May 9, 2023, and cannot be used to restore devices with revocation enabled. We are working on a resolution and will provide an update in an upcoming release.
- Backups of Windows which were imaged before the installation of updates released on or after May 9, 2023. These will not be directly usable to restore your Windows installation after the revocations have been enabled on your device.
- Custom CD/DVD or recovery partition created by you, your device manufacturer (OEM) or enterprises
- ISO (through download or by using the ADK)
- Network Boot
  - Windows Deployment Services
  - Preboot Execution Environment boot services (PXE boot services)
  - Microsoft Deployment Toolkit
  - HTTPS Boot
- OEM installation and recovery media
- Official Windows media from Microsoft including:
  - Retail media
  - Media creation tool (ISO or USB drive)
  - USB drive
- Windows PE
- Windows installed on physical hardware or virtual machines
NOTE Downloadable Windows media (ISO files) from Microsoft, updated with the latest Cumulative Updates, are available through familiar channels including Microsoft Software Download, Visual Studio Subscriptions, and the Volume Licensing Service Center. If this media works with your device and configuration, there is no need to follow the manual steps below to create updated bootable media.
If you use bootable media with a personal Windows device, you might need to do one or more of the following before applying revocations:
- For all supported versions of Windows 10 and Windows 11, if the existing bootable media fails to start, see the "Create the installation media" section in Reinstall Windows.
- If you use personal backup software to save the contents of your device, be sure to run a complete backup after installing the Windows update dated on or after July 11, 2023.
- If you use a bootable disk image (ISO), a CD-ROM, or DVD media, update the media by following the instructions here.
Enterprise
- See comprehensive guidelines and scripting for Update Windows installation media with Dynamic Update
- If you support network boot or recovery scenarios in your environment, you will need to update all media and images with updates released on or after July 11, 2023. This can include the following boot or recovery options:
  - Microsoft Deployment Toolkit
  - Microsoft Endpoint Configuration Manager
  - Windows Deployment Services
  - PXE Boot
  - HTTPS boot and other network boot scenarios
  One way to do this is by using DISM offline package installation on the images that are being served by these scenarios. This includes updating the boot files that are being offered by these services.
- If you use backup software to save the contents of your Windows installation into a recovery image, be sure to run a complete backup after installing the Windows security updates released on or after May 9, 2023, including those released on or after July 11, 2023. Be sure to back up the EFI disk partition in addition to the Windows operating system partition. Clearly identify backups made before the May 9, 2023 updates versus those made after the May 9, 2023 updates.
- Media using Windows Preinstallation Environment (Windows PE) and Windows Recovery Environment (WinRE) based on Windows Server 2012, Windows 8.1, or Windows Server 2012 R2 will only need the boot manager files bootmgfw.efi and bootx64.efi or bootia32.efi (depending on the device architecture). Do not use this method of updating media for any other version of Windows.
Windows PC OEMs
- See comprehensive guidelines and scripting for Update Windows installation media with Dynamic Update
Cloud Services
- Microsoft will be installing these protections on Microsoft-managed cloud services, as necessary.
- Enterprises using customer-managed cloud solutions should install these updates based on risk profile after thorough testing.
- Hyper-V Generation 1 VMs and non-Secure Boot capable devices are not affected by the security issue in CVE-2023-24932 and the revocations do not apply to these devices. You should still install updates released on or after July 11, 2023 on all supported versions of Windows.
- Azure SaaS and PaaS: Per the Shared Responsibility model, Microsoft is in the process of installing the updates addressing CVE-2023-24932 released in the July 11, 2023 updates for SaaS and PaaS Azure services. Microsoft deploys these updates using Safe Deployment Practices (SDP).
- Azure IaaS: For IaaS-based services, customers that need to mitigate this vulnerability can install the Windows updates released on or after July 11, 2023 and configure the revocation setting. Note that this fix and the associated configuration will provide protection for customers that have Secure Boot enabled. If customers need to protect against bootkit-style attacks, they can enable Secure Boot. See Deploy a VM with trusted launch enabled for more details.
Timing of updates
Updates are released as follows:
- Initial Deployment: This phase started with updates released on May 9, 2023, and provided basic mitigations with manual steps to enable those mitigations.
- Second Deployment: This phase started with updates released on July 11, 2023, which added simplified steps to enable the mitigations for the issue.
- Third Deployment: This phase will add additional boot manager mitigations. This phase will start no sooner than January 9, 2024.
- Enforcement: The final enforcement phase that will make the mitigations permanent. This phase will start no sooner than July 9, 2024.
Note The release schedule for enforcement will be revised at a later date.
In this release, to mitigate CVE-2023-24932, the Windows Updates for May 9, 2023 include:
- Updates for Windows released on or after May 9, 2023 to address vulnerabilities discussed in CVE-2023-24932.
- Changes to Windows boot components.
- Two revocation files which can be manually applied (a Code Integrity policy and an updated Secure Boot disallow list (DBX)).
Updates for Windows released on or after July 11, 2023 add the following:
- Easier, automated deployment of the revocation files (Code Integrity Boot policy and Secure Boot disallow list (DBX)).
- New Event Log events that report whether revocation deployment was successful or not.
- SafeOS Dynamic Update package for Windows Recovery Environment (WinRE).
Updates for Windows released on or after January 9, 2024 will add the following:
- New mitigations to block additional vulnerable boot managers. These new mitigations will require that media be updated.
When updates are released for the enforcement phase, they will add the following:
- The revocations (Code Integrity Boot policy and Secure Boot disallow list) will be programmatically enforced after installing updates for Windows on all affected systems, with no option to be disabled.
Windows Event log errors related to CVE-2023-24932
After the revocations in Step 3 have been applied, the following two events should be observed in the event logs:
Event ID 1035
Event ID 1035 will be logged when the DBX update has been applied to the firmware successfully.
Event log: System
Event source: TPM-WMI
Event ID: 1035
Level: Informational
Error message text: Secure Boot DBX update applied successfully
Event ID 276
Event ID 276 will be logged when the boot manager loads the SKUSIPolicy.p7b successfully.
Event log: Microsoft-Windows-Kernel-Boot/Operational
Event source: Kernel-Boot
Event ID: 276
Level: Informational
Error message text: Windows boot manager revocation policy version 0x2000000000002 is applied.
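A script that looks for both events described above, added here as an example and not taken from the KB article. The log names and event IDs come from the article; the function name, the provider-name match on TPM-WMI and the extraction of the policy version from the event message are this example's own choices. It is meant to be run after the second restart in Step 3c.

```powershell
# Added example (not from the KB article): check for the two events the article says
# should appear after Step 3. Log names and event IDs come from the article; the
# function name and the message parsing are this example's own. Run elevated.
function Test-SecureBootRevocationEvents {
    $result = [ordered]@{ DbxApplied = $false; PolicyApplied = $false; PolicyVersion = $null }

    # Event ID 1035 in the System log, source TPM-WMI: the DBX update was written to the firmware.
    # Filtering on Id first and matching the provider name afterwards avoids depending on the
    # exact registered provider string.
    $dbx = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1035 } -ErrorAction SilentlyContinue |
           Where-Object { $_.ProviderName -like '*TPM-WMI*' } | Select-Object -First 1
    if ($dbx) { $result.DbxApplied = $true }

    # Event ID 276 in Microsoft-Windows-Kernel-Boot/Operational: the boot manager loaded SKUSiPolicy.p7b.
    $pol = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Kernel-Boot/Operational'; Id = 276 } -ErrorAction SilentlyContinue |
           Select-Object -First 1
    if ($pol) {
        $result.PolicyApplied = $true
        # The message carries the policy version, e.g. "... revocation policy version 0x2000000000002 is applied."
        if ($pol.Message -match 'version\s+(0x[0-9A-Fa-f]+)') { $result.PolicyVersion = $Matches[1] }
    }

    [pscustomobject]$result
}

$status = Test-SecureBootRevocationEvents
$status | Format-List
if (-not ($status.DbxApplied -and $status.PolicyApplied)) {
    Write-Warning 'One or both revocation events are missing. Complete both restarts in Step 3 before re-checking; if they are still missing, see the "Troubleshooting boot issues" section.'
}
```

Get-WinEvent returns the newest matching event first, so the version reported is the one from the most recent boot. The same two queries can be turned into a scheduled check or a SIEM rule for confirming rollout across a fleet.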
Frequently Asked Questions (FAQ)
- Your bootable media will need to be updated after revocations are applied. See the "Updating bootable media" section.
- Follow the guidance in the "Troubleshooting boot issues" section.
- If the SKUSIPolicy.p7b file is removed from the EFI partition or the EFI partition is deleted or reformatted, WinRE looks for the SKUSIPolicy.p7b file and will not find it. This will cause WinRE to fail to start. Follow the guidance in the "Troubleshooting boot issues" section.
- Update all Windows operating systems with updates released May 9, 2023 or later before applying the revocations. You might be unable to start any version of Windows that has not been updated to at least the updates released May 9, 2023 after applying the revocations. Follow the guidance in the "Troubleshooting boot issues" section below.
- You will need to update the bootable media.
- After updating all installed versions of Windows and updating your bootable media, the revocations can then be applied as described in the "ENABLE the revocations" step.
- See the "Troubleshooting boot issues" section.
Troubleshooting boot issues
The following errors might be displayed if the revocations have been applied and the boot manager is not from the Windows updates released on or after May 9, 2023.
For Windows 11 and most versions of Windows 10, you might receive this error if the boot manager is not up to date:
Windows Boot Manager: A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. If you have a Windows installation disc, insert the disc and restart your computer. Click "Repair your computer", and then choose a recovery tool. Otherwise, to start Windows so you can investigate further, press the ENTER key to display the boot menu, press F8 for Advanced Boot Options, and select Last Known Good. If you understand why the digital signature cannot be verified and want to start Windows without this file, temporarily disable driver signature enforcement.
For Windows 10 Enterprise LTSB, you might receive this error if the boot manager is not up to date:
Windows Boot Manager: Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:
If you do not have this disc, contact your system administrator or computer manufacturer for assistance. Status: 0xc0e90002
Microsoft Hyper-V UEFI Virtual Machine Boot Summary: No operating system was loaded. Your virtual machine may be configured incorrectly. Exit and re-configure your VM or click restart to retry the current boot sequence again.
To mitigate these errors, follow these steps:
1. Temporarily disable Secure Boot. Follow the steps in Disable Secure Boot. If you are using a Surface device, follow the steps in Open Surface UEFI menu.
2. Start the device into Windows. If your system is configured to boot multiple versions of Windows, start the newest version of Windows.
3. Install updates released May 9, 2023 or later, if they have not already been installed.
4. Open a Command Prompt window running as Administrator, type each command separately, and then press Enter:
   mountvol q: /S
   xcopy %systemroot%\Boot\EFI\bootmgfw.efi q:\EFI\Microsoft\Boot
   xcopy %systemroot%\Boot\EFI\bootmgfw.efi q:\EFI\Boot\boot<arch>.efi
   xcopy %systemroot%\system32\SecureBootUpdates\SKUSiPolicy.p7b q:\EFI\Microsoft\Boot
   mountvol q: /D
   Where <arch> is x64, ia32, or aa64, depending on the architecture of your device. You can determine this by typing the following command and then pressing Enter:
   dir q:\EFI\Microsoft\Boot\*.efi
5. Restart the device and follow the instructions in Re-enable Secure Boot.
You might receive the following error when Windows 10 or Windows 11 is started if the SKUSIPolicy.p7b file has been deleted after applying the revocations:
Recovery: Your PC/Device needs to be repaired. An unexpected error has occurred. Error code: 0xc0e90002. You'll need to use recovery tools. If you don't have any installation media (like a disc or USB device), contact your PC administrator or PC/Device manufacturer.
Microsoft Hyper-V UEFI: No operating system was loaded. Your virtual machine may be configured incorrectly.
To mitigate these errors, follow these steps:
1. Temporarily disable Secure Boot. To do this, follow the steps in Disable Secure Boot. If you are using a Surface device, follow the steps in Open Surface UEFI menu.
2. Start the device into Windows. If your system is configured to boot multiple versions of Windows, start the newest version of Windows.
3. Install updates released on or after May 9, 2023, if they have not already been installed.
4. Open a Command Prompt window running as Administrator, type each of the following commands separately, and then press Enter:
   mountvol q: /S
   xcopy %systemroot%\Boot\EFI\bootmgfw.efi q:\EFI\Microsoft\Boot
   xcopy %systemroot%\Boot\EFI\bootmgfw.efi q:\EFI\Boot\boot<arch>.efi
   xcopy %systemroot%\system32\SecureBootUpdates\SKUSiPolicy.p7b q:\EFI\Microsoft\Boot
   mountvol q: /D
   Where <arch> is x64, ia32, or aa64, depending on the architecture of your device. You can determine this by typing the following command and then pressing Enter:
   dir q:\EFI\Microsoft\Boot\*.efi
5. Restart the device and follow the instructions in Re-enable Secure Boot.
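The mountvol/xcopy repair from both procedures above as one script, added here as an example and not taken from the KB article. It serves the "boot manager not up to date" case and the "SKUSIPolicy.p7b deleted" case alike, since both copy the same three files. Unlike the manual steps it verifies that the source files exist before mounting, reads <arch> from the fallback boot file already present under Q:\EFI\Boot (falling back to the CPU architecture), checks each copy by hash, and always dismounts Q: even if a copy fails. The function name, the architecture detection and the hash check are this example's own choices; the paths and file names are those in the article.

```powershell
# Added example (not from the KB article). Run from an elevated PowerShell session in
# the newest installed Windows, after Secure Boot has been temporarily disabled and the
# May 9, 2023 or later update is installed. Uses drive letter Q: like the article; the
# function name, architecture detection and hash verification are this example's own.
function Repair-EfiBootFiles {
    $src = Join-Path $env:SystemRoot 'Boot\EFI\bootmgfw.efi'
    $pol = Join-Path $env:SystemRoot 'System32\SecureBootUpdates\SKUSiPolicy.p7b'
    foreach ($f in @($src, $pol)) {
        if (-not (Test-Path $f)) { throw "Missing $f. Install the May 9, 2023 or later update first." }
    }

    # Mount the EFI system partition (same as: mountvol q: /S).
    mountvol Q: /S
    if ($LASTEXITCODE -ne 0) { throw 'Could not mount the EFI system partition on Q:.' }
    try {
        # Determine <arch> from the fallback loader already on the ESP (bootx64/bootia32/bootaa64.efi).
        $existing = Get-ChildItem 'Q:\EFI\Boot\*.efi' -ErrorAction SilentlyContinue |
                    Where-Object { $_.Name -match '^boot(x64|ia32|aa64)\.efi$' } | Select-Object -First 1
        if ($existing) {
            $arch = $Matches[1]
        } else {
            # No fallback loader present: derive <arch> from the running CPU instead.
            $arch = switch ($env:PROCESSOR_ARCHITECTURE) {
                'AMD64' { 'x64' }
                'ARM64' { 'aa64' }
                'x86'   { 'ia32' }
                default { throw "Unrecognized architecture '$($env:PROCESSOR_ARCHITECTURE)'." }
            }
        }

        # The three copies from the article's xcopy commands.
        $copies = @(
            @{ From = $src; To = 'Q:\EFI\Microsoft\Boot\bootmgfw.efi' },
            @{ From = $src; To = "Q:\EFI\Boot\boot$arch.efi" },
            @{ From = $pol; To = 'Q:\EFI\Microsoft\Boot\SKUSiPolicy.p7b' }
        )
        foreach ($c in $copies) {
            New-Item -ItemType Directory -Path (Split-Path $c.To) -Force | Out-Null
            Copy-Item -Path $c.From -Destination $c.To -Force
            # Verify by hash rather than trusting the copy's exit status.
            if ((Get-FileHash $c.From).Hash -ne (Get-FileHash $c.To).Hash) {
                throw "Verification failed for $($c.To)."
            }
        }
        Write-Host "Boot manager and SKUSiPolicy.p7b refreshed for architecture '$arch'. Restart and re-enable Secure Boot."
    } finally {
        # Always release the drive letter (same as: mountvol q: /D).
        mountvol Q: /D
    }
}

Repair-EfiBootFiles
```

Because the match on the fallback loader name runs inside Where-Object, $Matches holds the captured architecture of the first matching file; if no such file exists the script falls back to PROCESSOR_ARCHITECTURE, which is correct on a native-boot device but should be checked by hand on a WinPE image built for a different architecture than the machine building it.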
Windows Deployment Services/PXE Network Boot Error:
Windows Deployment Services (Server IP: nnn.nnn.nnn.nnn) Windows Deployment Services encountered an error: Error Code: 0xc0000272
To mitigate this error, follow this step:
- Apply the May 9, 2023 or later updates using DISM offline package installation to the boot.wim or WinPE image on the deployment server.
References
- Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign
- For events that are generated when applying DBX updates, see the following article: KB5016061: Addressing vulnerable and revoked Boot Managers
Date of change
- May 15, 2023
- May 11, 2023
- May 10, 2023
- May 9, 2023
- June 27, 2023
- July 11, 2023
- August 25, 2023