|
Date of change |
Description of change |
|
May 15, 2023 |
|
|
May 11, 2023 |
|
|
May 10, 2023 |
|
|
May 9, 2023 |
|
Notice
Important: All customers should apply the May 9, 2023 Windows security updates. This article applies to customers who should take additional steps to implement security mitigations for a publicly disclosed Secure Boot bypass leveraged by the BlackLotus UEFI bootkit which requires physical or administrative access to the device.
Caution: Once the mitigation for this issue is enabled on a device, meaning the revocations have been applied, it cannot be reverted if you continue to use Secure Boot on that device. Even reformatting of the disk will not remove the revocations if they have already been applied. Please be aware of all the possible implications and test thoroughly before applying the revocations that are outlined in this article to your device.
In this article
Summary
This article describes the protection against the public disclosure of a Secure Boot security feature bypass by using the BlackLotus UEFI bootkit tracked by CVE-2023-24932 and how to enable the protections and guidance to update bootable media. A bootkit is a malicious program that is designed to load as early as possible in a device’s sequence, in order to control the operating system start.
Secure Boot is recommended by Microsoft to make a safe and trusted path from the Unified Extensible Firmware Interface (UEFI) through the Windows kernel's Trusted Boot sequence. Secure Boot helps prevent bootkit malware in the boot sequence. Disabling Secure Boot puts a device at risk of being infected by a bootkit malware. Fixing the Secure Boot bypass described in CVE-2023-24932 requires revoking boot managers. This could cause issues for some device’s boot configurations.
The May 9, 2023 security update provides configuration options to manually enable protections for the Secure Boot bypass but these protections are not enabled automatically. Before you enable these protections, you must verify your devices and all bootable media are updated and ready for this security hardening change. Customers who use Microsoft cloud-based solutions should follow the guidance in Updating Bootable Media/Azure Cloud.
Take Action
|
Important Steps must be done in the following order and completed before moving to the next step. Bootable media will fail to start if all steps are not completed in order. |
Scope of Impact
All Windows devices with Secure Boot protections enabled are affected by this issue, both on-premises physical devices and some virtual machines (VMs) or cloud-based devices. Protections are available for supported versions of Windows. For the full list, please see CVE-2023-24932.
Linux is also affected by this issue. Microsoft has been coordinating with representatives from major Linux distributions to make the fix available for their operating systems. You must contact support for your Linux distribution for guidance on mitigating this issue for your Linux devices.
Cloud Services
Per the Shared Responsibility model, Microsoft is installing the May 9, 2023 Secure Boot updates for all software as a service (SaaS) and platform as a service (PaaS) by using Safe Deployment Practices. For Windows Infrastructure as a service (IaaS) based services which run on Azure with Secure Boot enabled (Trusted Launch VM or Confidential VM), you must follow the same steps for on-premises Windows devices.
Understanding the risk
For the BlackLotus UEFI bootkit exploit described in this article to be possible, an attacker must gain administrative privileges on a device or gain physical access to the device. This can be done by accessing the device physically or remotely, such as by using a hypervisor to access VMs/cloud. An attacker will commonly use this vulnerability to continue controlling a device that they can already access and possibly manipulate. Mitigations in this article are preventive and not corrective. If your device is already compromised, contact your security provider for help.
If you use Secure Boot and incorrectly perform the steps on this article, you might be unable to start or recover your device from media. This can prevent you from using recovery media, such as discs or external drives, or network boot recovery, if the media has not been correctly updated.
Avoiding issues with your Bootable Media
Because of the security changes required for CVE-2023-24932 and described in this article, revocations must be applied to supported Windows devices. After these revocations are applied, the devices will intentionally become unable to start by using recovery or installation media, unless this media has been updated with the security updates released on or after May 9, 2023. This includes both bootable media, such as discs, external drives, network boot recovery, and restore images.
Important: You must complete "Step 2: UPDATE" before applying the revocations in "Step 3: APPLY" in the "Deployment Guidelines" section.
Examples of bootable media and recovery media impacted by this issue
-
Bootable media created by using Create a recovery drive.
Note: The “Create a recovery drive” functionality is not supported in the updates released on or after May 9, 2023, and cannot be used to restore devices with revocation enabled. We are working on a resolution and will provide an update in an upcoming release. -
Backups of Windows which were imaged before the installation of updates released on or after May 9, 2023. These will not be directly usable to restore your Windows installation after the revocations have been enabled on your device.
-
Custom CD/DVD or recovery partition created by you, your device manufacturer (OEM) or enterprises
-
ISO (via download or using ADK)
-
Network Boot
-
Windows Deployment Services
-
Preboot Execution Environment boot services (PXE boot services)
-
Microsoft Deployment Toolkit
-
HTTPS Boot
-
-
OEM installation and recovery media
-
Official Windows media from Microsoft including:
-
Retail media
-
Media creation tool (ISO or USB drive)
-
USB drive
-
-
Windows PE
-
Windows installed on physical hardware or virtual machines
NOTE Downloadable Windows media from Microsoft, updated with the latest Cumulative Updates, will soon be available through familiar channels including Microsoft Software Download, Visual Studio Subscriptions and the Volume Licensing Service Center. Please check back here for availability.
Deployment guidelines
To deploy updates and apply revocations, follow these steps.
1. INSTALL
Install the Windows monthly servicing updates released on or after May 9, 2023, on supported Windows devices. These updates include protections for CVE-2023-24932 but are not enabled by default. Make sure to restart the device to complete the installation of the update before proceeding to Step 2 and Step 3.
NOTE We are working on SafeOS dynamic updates for an upcoming release that can be applied to WinRE partitions. OEMs should continue to follow the standard guidance for updating WinRE. Do NOT delete the revocation file (SKUSIPolicy.p7B) from the EFI partition on devices where the revocations have been applied. This note will be updated when the SafeOS dynamic updates are available.
CAUTION If you upgrade your device to Windows 11, version 21H2, or Windows 11, version 22H2, or some versions of Windows 10, you might be unable to start the upgraded version of Windows. This issue might occur when you install Windows updates released on or after May 9, 2023, AND you enable the revocations.
This issue will not occur on devices which have not applied the revocations. We are aware of this issue and are working to address this issue. Refer to the Troubleshooting boot issues section on how to recover if your device does not start after enabling the revocations.
Note Updating from Windows 10 to a later version of Windows 10 which uses an enablement package is not affected by this issue. An example of updating Windows 10 by using an enablement package is going from Windows 10, version 20H1, to Windows 10, version 22H2.
2. UPDATE bootable media
Update any bootable media and full backups of Windows to make sure it contains the updated files from the Windows updates released on or after May 9, 2023. See details in the Updating Bootable Media section. Updating the media with the Windows updates released on or after May 9, 2023 makes sure that the media will continue to start on all devices in your environment. Backups of Windows which were imaged before the installation of the Windows updates released on or after May 9, 2023 will need to be recreated after installing these updates. These will not be directly usable to restore your Windows installation after the revocations have been enabled on your device.
If you do not create your own media, you will need to get the updated official media from Microsoft, your device manufacturer (OEM), or cloud providers. If it is unclear if the bootable media has been updated, you might need to test it on a Windows device which updates released on or after May 9, 2023 have been installed and the revocations applied.
For information and steps on updating bootable media, see the section “Updating Bootable Media” section.
3. APPLY the revocations
The revocation files are available as part of the updates released on or after May 9, 2023. These files include a “Code Integrity Boot Policy” and a “Secure Boot UEFI Forbidden List” update. Applying these revocations files is necessary to be fully protected from the vulnerability described by CVE-2023-24932. The following steps, Step 3a through Step 3e, must be completed on all Windows devices to apply the revocations.
CAUTION After the revocations are applied, bootable media that is not updated will no longer work as expected. Do not proceed with “Step 3: Apply” until you have followed the guidance regarding bootable media.
|
3a |
Apply the Code Integrity Boot Policy The Code Integrity Boot Policy (SKUSiPolicy.p7b) uses the Code Integrity feature of Windows to prevent untrusted Windows boot managers from loading when Secure Boot is enabled. Open a Command Prompt window running as an Administrator, type each of the following commands and then press Enter to copy the Code Integrity Boot Policy to the devices EFI partition. mountvol q: /S NOTES
|
|
3b |
Apply the Secure Boot UEFI Forbidden List (DBX) The UEFI Forbidden List (DBX) is used to block untrusted modules from loading. reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x10 /f |
|
3c |
Restart the device After applying the two revocations in Step 3a and 3b, you must restart the device to enable the revocation protections. |
|
3e |
Wait at least 5 minutes and then restart the device again
|
|
3d |
Verify installation and revocation list was successfully applied See Windows event log errors related to CVE-2023-24932 section for how to verify it was applied successfully. |
Updating bootable media
Updating bootable media is important to make sure that the new boot manager and other supporting files are installed to allow for starting the device after the mitigations are applied. Ideally, the bootable media should be updated before applying the revocations on your device.
Important Do NOT apply the updated SKUSIPolicy.p7b file (containing the revocations) on your bootable media (ISO, USB, DVD, and so on). The SKUSIPolicy.p7b file from updates released on or after May 9, 2023 should only be applied to your Windows devices.
NOTE Downloadable Windows media (ISO files) from Microsoft, updated with the latest Cumulative Updates, will soon be available through familiar channels including Microsoft Software Download, Visual Studio Subscriptions, and the Volume Licensing Service Center. If this media works with your device and configuration, there is no need to follow the manual steps below to create updated bootable media.
If you use bootable media with a personal Windows device, you might need to do one or more of the following before applying revocations:
-
For all supported versions of Windows 11 and Windows 10, if the existing bootable media fails to start, see the "Create the installation media" section in Reinstall Windows.
-
If you use personal backup software to save the contents of your device, be sure to run a complete backup after installing the Windows update dated on or after May 9, 2023.
-
If you use a bootable disk image (ISO), a CD-ROM, or DVD media, update the media by following the instructions here.
Enterprise
-
See comprehensive guidelines and scripting for Update Windows installation media with Dynamic Update
-
If you support network boot or recovery scenarios in your environment, you will need to update all media and images with updates released on or after May 9, 2023. This can include the following boot or recovery options:
-
Microsoft Deployment Toolkit
-
Microsoft Endpoint Configuration Manager
-
Windows Deployment Services
-
PxE Boot
-
HTTPS boot and other network boot scenarios
-
-
One way to do this is by using DISM offline package installation on the images that are being served by these scenarios. This includes updating the boot files that are being offered by these services.
-
If you use backup software to save the contents of your Windows installation into a recovery image, be sure to run a complete backup after installing the Windows updates released on or after May 9, 2023. Be sure to backup the EFI disk partition in addition to the Windows operating system partition. Clearly identify backups made before the May 9, 2023 updates versus those made after May 9, 2023 updates.
-
Media using Windows Preinstallation Environment (Windows PE) and Windows Recovery Environment (WinRE) based on Windows Server 2012, Windows 8.1, or Windows Server 2012 R2 will only need the boot manager files bootmgfw.efi and bootx64.efi or bootia32.efi (depending on the device architecture). Do not use this method of updating media for any other version of Windows.
Windows PC OEMs
-
See comprehensive guidelines and scripting for Update Windows installation media with Dynamic Update
Cloud Services
-
Microsoft will be installing these protections on Microsoft-managed cloud services, as necessary.
-
Enterprises using customer-managed cloud solutions should install these updates based on risk profile after thorough testing.
-
Hyper-V Generation 1 VMs and non-Secure Boot capable devices are not affected by the security issue in CVE-2023-24932 and the revocations do not apply to these devices. You should still install updates released May 9, 2023 or later on all supported versions of Windows.
-
Azure SaaS and PaaS Per the Shared Responsibility model, Microsoft is in the process of installing the updates addressing CVE-2023-24932 released in the May 9, 2023 updates for SaaS and PaaS Azure services. Microsoft deploys these updates using Safe Deployment Practices (SDP).
-
Azure laaS For IaaS based services, customers that need to mitigate this vulnerability can install the Windows updates released on or after May 9, 2023 and configure the revocation setting. Note that this fix and the associated configuration will provide protection for customers that have Secure Boot enabled. If customers need to protect against bootkit style attacks, they can enable Secure Boot. See Deploy a VM with trusted launch enabled for more details.
Timing of updates
Updates will be released as follows:
-
Initial Deployment This phase starts with updates released on May 9, 2023, and provides basic mitigations,
-
Second Deployment This phase starts with updates released on July 11, 2023, which adds additionally support mitigating the issue.
-
Enforcement The final enforcement phase that will make the mitigations permanent. Tentatively scheduled for the first quarter of 2024.
Note This release schedule might be revised at a later date.
In this release, to mitigate CVE-2023-24932, the Windows Updates for May 9, 2023 will include:
-
Updates for Windows released on or after May 9, 2023 to address vulnerabilities discussed in CVE-2023-24932.
-
Changes to Windows boot components.
-
Two revocation files which can be manually applied (a Code Integrity policy and an updated Secure Boot disallow list (DBX)).
Updates for Windows released on or after July 11, 2023 which adds the following:
-
Allow easier, automated deployment of the revocation files (Code Integrity Boot policy and Secure Boot disallow list (DBX)).
-
New Event Log events will be available to report whether revocation deployment was successful or not.
-
SafeOS dynamic update package for Window Recovery Environment (WinRE).
When updates are released for the enforcement phase, they will add the following:
-
The revocations (Code Integrity Boot policy and Secure Boot disallow list) will be programmatically enforced after installing updates for Windows to all affected systems with no option to be disabled.
-
We’re looking for opportunities to accelerate this schedule, if possible and will announce any updates here.
Windows Event log errors related to CVE-2023-24932
In addition to the existing Secure Boot DBX related events, there is one new event added after installing Windows updates released on or after May 9, 2023 to aid in deploying the mitigations.
Event ID 1035
Event ID 1035 will be logged when the DBX update has been applied to the firmware successfully.
|
Event log |
System |
|
Event source |
TPM-WMI |
|
Event ID |
1035 |
|
Level |
Informational |
|
Error message text |
Secure Boot DBX update applied successfully |
Frequently Asked Questions (FAQ)
-
Your bootable media will need to be updated after revocations are applied. See the Updating Bootable Media section.
-
Follow the guidance in the Troubleshooting Boot Issues section.
-
If the SKUSIPolicy.p7b file is removed from the EFI partition or the EFI partition is deleted or reformatted, WinRE looks for the SKUSIPolicy.p7b file and will not find it. This will cause WinRE to fail to start. Follow the guidance in the Troubleshooting Boot Issues section.
-
Update all Windows operating systems with updates released May 9, 2023 or later before applying the revocations. You might be unable to start any version of Windows that has not been updated to at least updates released May, 9 2023 after applying the revocations. Follow the guidance in the Troubleshooting Boot Issues section below.
-
You will need to Update the bootable media.
-
After updating all installed versions of Windows and updating your bootable media, the revocations can then be applied as described in the APPLY the revocations step.
-
See the Troubleshooting boot issues section.
Troubleshooting boot issues
The following errors might be displayed if the revocations have been applied and the boot manager is not from the Windows updates released on or after May 9, 2023.
|
Error image |
Error text |
|
For Windows 11 and most versions of Windows 10, you might receive this error if boot manager is not up to date.
|
Windows Boot Manager A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. If you have a Windows installation disc, insert the disc and restart your computer. Click "Repair your computer", and then choose a recovery tool. Otherwise, to start Windows so you can investigate further, press the ENTER key to display the boot menu, press FS for Advanced Boot Options, and select Last Known Good. If you understand why the digital signature cannot be verified and want to start Windows without this file, temporarily disable driver signature enforcement.
|
|
For Windows 10 Enterprise LTSB, you might receive this error if boot manager is not up to date.
|
Windows Boot Manager Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:
If you do not have this disc, contact your system administrator or computer manufacturer for assistance. Status: OxcOe90002 |
|
|
Microsoft Hyper-V UEFI Virtual Machine Boot Summary
No operating system was loaded. Your virtual machine may be configured incorrectly. Exit and re-configure your VM or click restart to retry the current boot sequence again. |
To mitigate these errors, follow these steps:
-
You have to temporarily disable Secure Boot. Follow the steps in Disable Secure Boot. If you are using a Surface device, you have to follow the steps in Open Surface UEFI menu.
-
Start the device into Windows. If your system is configured to boot multiple versions of Windows, start the newest version of Windows.
-
Install updates released May 9, 2023 or later, if they have not already been installed.
-
Open a Command Prompt window running as Administrator, type each command separately, and then press Enter:
mountvol q: /S
xcopy %systemroot%\Boot\EFI\bootmgfw.efi q:\EFI\Microsoft\Boot
xcopy %systemroot%\Boot\EFI\bootmgfw.efi q:\EFI\Boot\boot<arch>.efi
xcopy %systemroot%\system32\SecureBootUpdates\SKUSiPolicy.p7b q:\EFI\Microsoft\Boot
mountvol q: /D
Where <arch> is x64, ia32, or aa64 , depending on the architecture of your device. You can determine this by typing the following command and then press Enter:
dir q:\EFI\Microsoft\Boot*.efi -
Restart the device and follow the instructions in Re-enable Secure Boot.
|
Error image |
Error text |
|
You might receive the following error when Windows 10 or Windows 11 is started if the SKUSIPolicy.p7b file has been deleted after applying the revocations.
|
Recovery Your PC/Device needs to be repaired An unexpected error has occurred. Error code: 0xc0e90002 You'll need to use recovery tools. If you don't have any installation media (like a disc or USB device), contact your PC administrator or PC/Device manufacturer. |
|
|
Microsoft Hyper-V UEFI
No operating system was loaded. Your virtual machine may be configured incorrectly.
|
To mitigate these errors, follow these steps:
-
You need to temporarily disable Secure Boot. To do this, follow the steps in Disable Secure Boot. If you are using a Surface device, you will need to follow the steps in Open Surface UEFI menu.
-
Start the device into Windows. If your system is configured to boot multiple versions of Windows, start the newest version of Windows.
-
Install updates released on or after May 9, 2023, if they have not already been installed.
-
Open a Command Prompt window running as Administrator, type each of the following commands separately, and then press Enter:
mountvol q: /S
xcopy %systemroot%\Boot\EFI\bootmgfw.efi q:\EFI\Microsoft\Boot
xcopy %systemroot%\Boot\EFI\bootmgfw.efi q:\EFI\Boot\boot<arch>.efi
xcopy %systemroot%\system32\SecureBootUpdates\SKUSiPolicy.p7b q:\EFI\Microsoft\Boot
mountvol q: /D
Where <arch> is x64, ia32, or aa64 depending on the architecture of your device. You can determine this by typing the following command and then press Enter:
dir q:\EFI\Microsoft\Boot*.efi -
Restart the device and follow the instructions in Re-enable Secure Boot.
|
Error image |
Error text |
|
Windows Deployment Services/PxE Network Boot Error
|
Windows Deployment Serv ices (Server IP: nnn.nnn.nnn.nnn) Windows Deployment Services encountered an error: Error Code: 0xc0000272 |
To mitigate this error, follow this step:
-
Apply the May 9, 2023 or later updates using DISM offline package installation to the boot.wim or WinPE image on the deployment server.
References
-
Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign
-
For events that are generated when applying DBX updates, see the following article:
KB5016061: Addressing vulnerable and revoked Boot Managers
