#msintune #sccm #configmgr #windows #windows11 #windows10
FIX Windows Boot Manager CVE-2023-24932 BlackLotus UEFI bootkit vulnerability – https://www.anoopcnair.com/cve-2023-24932-windows-boot-manager-blacklotus/
Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign – https://www.microsoft.com/en-us/security/blog/2023/04/11/guidance-for-investigating-attacks-using-cve-2022-21894-the-blacklotus-campaign/
Released January 2022 – Secure Boot Security Feature Bypass Vulnerability – https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21894
Released May 9, 2023 – Secure Boot Security Feature Bypass Vulnerability – CVE-2023-24932 – https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932
KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 – https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d
KB5025885: Addressing CVE-2023-24932 with Proactive Remediation and Configuration Items – https://garytown.com/kb5025885-dealing-cve-2023-24932-with-proactive-remediation-configuration-items
What system administrators need to know about May KB5025885 patches https://patchtuesday.com/blog/critical-patches/may-update-kb5025885-bypass-flaw/
An example script for extracting and analyzing these logs is available on GitHub – mattifestation/TCGLogTools: A set of tools for extracting and analyzing TCG measured boot logs – https://github.com/mattifestation/TCGLogTools
Microsoft Incident Response (formerly known as the Microsoft Detection and Response Team – DART), through forensic analysis of BlackLotus-infected devices, identified multiple detection opportunities at multiple stages of its installation and execution processes. Artifacts analyzed include:
Recently written bootloader files
Staging directory artifacts created
Registry key changed
Windows event log entries generated
Network behavior
Boot configuration log entries generated
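As an added example (not from the page, Microsoft, or any of the linked posts), the following PowerShell triage script walks a single host through the artifact classes listed above: Secure Boot state, recently written EFI binaries and unexpected directories in the EFI System Partition, the HVCI policy registry value, and recent boot-related event log entries. It assumes it runs elevated, that drive letter S: is free for mounting the ESP, and that the 30-day window and the DeviceGuard registry path are reasonable defaults (the 30-day cutoff is a constructed value to tune per environment).

```powershell
# Constructed defaults; adjust for your environment.
$EspDrive = 'S:'
$Cutoff   = (Get-Date).AddDays(-30)
$Findings = New-Object System.Collections.Generic.List[string]

# 1. Secure Boot state: a bootkit that relies on a Secure Boot bypass is far
#    more dangerous on a host where Secure Boot is simply off.
try {
    if (-not (Confirm-SecureBootUEFI)) { $Findings.Add('Secure Boot is disabled') }
} catch {
    $Findings.Add("Secure Boot state could not be read: $($_.Exception.Message)")
}

# 2. Bootloader files and staging directories in the EFI System Partition.
#    mountvol <drive> /S mounts the ESP; /D unmounts it afterwards.
mountvol $EspDrive /S | Out-Null
try {
    # Recently written .efi binaries anywhere under \EFI, with their hashes
    # so they can be compared against known-good Boot Manager builds.
    Get-ChildItem -Path "$EspDrive\EFI" -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq '.efi' -and $_.LastWriteTime -gt $Cutoff } |
        ForEach-Object {
            $hash = (Get-FileHash -Algorithm SHA256 -Path $_.FullName).Hash
            $Findings.Add("Recent EFI binary: $($_.FullName) written $($_.LastWriteTime) SHA256=$hash")
        }
    # Assumption: a clean ESP root normally holds only \EFI; anything else is
    # worth a look as a possible staging directory.
    Get-ChildItem -Path "$EspDrive\" -Directory -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ne 'EFI' } |
        ForEach-Object { $Findings.Add("Unexpected ESP root directory: $($_.FullName)") }
} finally {
    mountvol $EspDrive /D | Out-Null
}

# 3. HVCI policy registry value (assumed standard DeviceGuard location).
$HvciKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
$Hvci = Get-ItemProperty -Path $HvciKey -Name Enabled -ErrorAction SilentlyContinue
if ($null -eq $Hvci -or $Hvci.Enabled -ne 1) { $Findings.Add('HVCI is not enabled') }

# 4. Boot-related System log entries inside the same window, for correlation
#    with the file timestamps above.
$BootEvents = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Microsoft-Windows-Kernel-Boot'; StartTime = $Cutoff
} -ErrorAction SilentlyContinue
if ($BootEvents) { $Findings.Add("Kernel-Boot events since cutoff: $($BootEvents.Count)") }

if ($Findings.Count -eq 0) { 'No findings' } else { $Findings }
```

Findings are leads for further investigation, not verdicts: a recently written Boot Manager is also exactly what the KB5025885 servicing steps produce.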
Hello, let's talk about the vulnerability associated with the UEFI BlackLotus bootkit and how to fix it. Do we need to re-image the entire device, or are there other options, etc.? This is a Microsoft article that we are going to go through to understand what the detection processes and remediation processes are, etc. PowerShell script examples are also provided in this Microsoft documentation; even the registry keys and logs are available to determine whether or not this issue affects your organization's devices. There are community blog posts, including the HTMD Community blog post; all these details are available in the description of this video, so check it out and decide how to proceed. Reimaging entire devices is not an option.
Please take the opportunity to connect and share this video with your friends and family if you find it useful.