FIX BlackLotus Secure Boot Vulnerability Detection and Remediation Scripts Patches from Microsoft

Let's understand the BlackLotus Secure Boot vulnerability and the detection and remediation scripts and patches from Microsoft in this short video.


FIX Windows Boot Manager CVE-2023-24932 BlackLotus UEFI bootkit vulnerability – https://www.anoopcnair.com/cve-2023-24932-windows-boot-manager-blacklotus/

Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign – https://www.microsoft.com/en-us/security/blog/2023/04/11/guidance-for-investigating-attacks-using-cve-2022-21894-the-blacklotus-campaign/

Released January 2022 – Secure Boot Security Feature Bypass Vulnerability – https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21894

Released May 9, 2023 – Secure Boot Security Feature Bypass Vulnerability – CVE-2023-24932 – https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932

KB5025885: How to handle Windows Boot Manager revocations for Secure Boot changes related to CVE-2023-24932 – https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d

KB5025885: Addressing CVE-2023-24932 with Proactive Remediation and Configuration Items – https://garytown.com/kb5025885-dealing-cve-2023-24932-with-proactive-remediation-configuration-items

What system administrators need to know about May KB5025885 patches – https://patchtuesday.com/blog/critical-patches/may-update-kb5025885-bypass-flaw/

An example script for extracting and analyzing these logs is shown here, based on GitHub – mattifestation/TCGLogTools: A set of tools for retrieving and parsing TCG measured boot logs – https://github.com/mattifestation/TCGLogTools

Microsoft Incident Response (formerly known as Microsoft Detection and Response Team – DART), through forensic analysis of BlackLotus-infected devices, identified multiple detection opportunities at multiple stages of its installation and execution processes. The artifacts analyzed include:

Recently written bootloader files
Staging directory artifacts created
Registry key changed
Windows event log entries generated
Network behavior
Boot configuration log entries generated

Hello, let's talk about the vulnerability associated with the BlackLotus UEFI bootkit and how to fix it. Do we need to re-image the entire device, or are there other options? This is a Microsoft article that we are going to go through to understand what the detection processes and the remediation processes are. PowerShell script examples are also provided in this Microsoft documentation, and even the registry keys and logs are available to determine whether or not this issue affects your organization's devices. There are community blog posts, including the HTMD Community blog post; all these details are available in the description of this video, so check it out and decide how to proceed. Reimaging entire devices is not a person.
