Bonum Certa Men Certa

UEFI 'Security' is Totally Hopeless, Even a Paradox

BlackLotus UEFI Bootkit Source Code Leaked on GitHub
Like 'pwning' Microsoft on a Microsoft/NSA platform



Summary: The pseudo-security industry (bug doors, imperialism/national security in 'security' clothing) is losing the argument; grown-ups have meanwhile classified UEFI 'secure' boot as a laughing stock and its proponents as Microsoft trolls

THE people who promote fake security just 'happen' to be the loudest and most aggressive Internet (or IRC) trolls, constantly looking to defame, threaten, blackmail, and maybe even dox both my wife and I.



They keep losing the argument, they even half-admit that (in their blogs), but somehow it's us who are the problem?

It has been nearly a year since we last wrote about UEFI 'secure' boot, i.e. outsourcing to Microsoft portrayed as some kind of Buffy-on-steroids of security. But it's back in the news [1] because of another black eye. As a reminder, there's no real solution to this [2-4]. Just reject fake security. Reject Microsoft and its Munchkins [1, 2, 3].

Related/contextual items from the news:


  1. BlackLotus UEFI Bootkit Source Code Leaked on GitHub

    The source code for the BlackLotus UEFI bootkit has been leaked on GitHub and an expert has issued a warning over the risks.



  2. NSA: BlackLotus BootKit Patching Won't Prevent Compromise

    BlackLotus burst on the scene last fall when it was spotted for sale on the Dark Web for $5,000. It has the dubious distinction of being the first in-the-wild malware to successfully bypass to Microsoft's Unified Extensible Firmware Interface (UEFI) Secure Boot protections.

    UEFI is the firmware that's responsible for the booting-up routine, so it loads before the operating system kernel and any other software. BlackLotus — a software, not a firmware threat, it should be noted — takes advantage of two vulnerabilities in the UEFI Secure Boot function to insert itself into the earliest phase of the software boot process initiated by UEFI: CVE-2022-21894, aka Baton Drop, CVSS score 4.4; and CVE-2023-24932, CVSS score 6.7. These were patched by Microsoft in January 2022 and May 2023 respectively.

    But the country's top technology intelligence division warned that applying the available Windows 10 and Windows 11 patches is only a "a good first step."



  3. Microsoft’s bootkit patches offer ‘false sense of security’ against BlackLotus threat, NSA says

    BlackLotus targets Windows boot by exploiting a flaw in older boot loaders, or boot managers, to set off a chain of malicious actions that compromise endpoint security. This is achieved by exploiting the Baton Drop vulnerability to strip the Secure Boot policy and prevent its enforcement.

    BlackLotus shares some characteristics with Boot Hole, a vulnerability discovered in 2020. Unlike Boot Hole, however, BlackLotus targets vulnerable boot loaders that have not been added to the Secure Boot Deny List Database (DBX) revocation list.



  4. To kill BlackLotus malware, patching is a good start, but...

    Then, in research published in March, ESET malware analyst Martin Smolár confirmed the myth of an in-the-wild bootkit bypassing Secure Boot "is now a reality," as opposed to hypothetical threats raised by some experts and the usual slew of fake bootkits criminals attempted to trick fellow miscreants into buying.

    No Linux-targeting variant of the malware has been observed; BlackLotus strictly nobbles Microsoft Windows machines.



Recent Techrights' Posts

The Register Bill
The Register MS - putting the "MS" in your centre of the universe
Analogies for "Memory Safety" in Rust
Don't worry, it's Rust! It can do anything!
 
Links 07/09/2025: Yle Impersonated in Social Control Media, Boat-Attacking Orcas, Midjourney Sued Again
Links for the day
Slopwatch: LinuxSecurity, Linux Journal, and the Serial Slopper
Google won't tackle the issue because Google participates not only in relaying slop but also in generating lots of it
Links 07/09/2025: Google Fines in EU and "Your Internet Access Is at Risk"
Links for the day
Gemini Links 07/09/2025: Little Brother and Corporate Theatre
Links for the day
Links 07/09/2025: More Harms of Slop and Anthropic's Nightmare Scenario (Huge Legal Liabilities for Slop)
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, September 06, 2025
IRC logs for Saturday, September 06, 2025
Microsoft Sites Now Talking About September's Mass Layoffs at Microsoft
It's noteworthy that even Microsoft's MSN now covers the latest revelations about mass layoffs
Gemini Links 06/09/2025: SpellBinding Moving and "The Cloud" Ridiculed
Links for the day
Slopwatch: On "the Apology Industry", Chatbots (Punchbag for Customers), and Fake Articles About "Linux"
"news reporting priorities changed"
Links 06/09/2025: "Covid Incidence on the Rise" and Many Attacks on the Press Worldwide
Links for the day
Nobody Denies That SecureBoot Will Cause Problems After September 11
Not even Microsoft
Gemini Links 06/09/2025: Infinite Scrolling and Posting from Emacs
Links for the day
Links 06/09/2025: GitHub Meltdown Over Slop, "U.S. Jury Says Google Should Pay $425 Million in Privacy Lawsuit"
Links for the day
Despite Its Severe Financial Problems Gnome Foundation Inc Paid Rosanna Yuen Over 100,000 Dollars Last Year
maybe relocation should be considered
The "Left" and the Right"
It poisons everything
Mozilla and Rust Are Not Leftists
they're part of the mass consumerism machine
Disposable to Microsoft
There is an extensive set of people who got used by Microsoft, only to be thrown away a month later or a year later or a decade later
The UEFI 9/11 - Part VII - This Coming Week Many PCs Will Refuse to Boot "Linux" (Because of Microsoft's Expired Certificate)
The real solution is, disable "secure boot" or "SecureBoot" while it's still possible. [...] Just like submarine patents, a lot of this problem was "hibernating" for a while
The Thing Nobody in Red Hat Wants to Talk About Openly
There is a real sentiment or worry among Red Hatters, Europeans and Americans in particulars (because of higher salary expectations)
Slopwatch: Small Parade of Fake News About "Linux" and Scams Borrowing the Name (or Word) "Linux"
In practice, LLMs are a risk
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, September 05, 2025
IRC logs for Friday, September 05, 2025
Genini Links 05/09/2025: Community, ROOPHLOCH, and PITkit
Links for the day
Links 05/09/2025: Vaccine Sceptics Poison the Well, Two Exploited Vulnerabilities Patched in Android
Links for the day
Gemini Links 05/09/2025: Logitech Lift and DIY Gemini Servers
Links for the day
Links 05/09/2025: Sainsbury's Caught Spying on In-Store Shoppers and Microsoft "OpenAI is Using Legal Threats to Harass its Critics"
Links for the day
BASIC Predates Microsoft by Over a Decade, Microsoft-Controlled Sites Like The Register MS Don't Want You to Know This
The state of the media is really bad when it relies a lot on oligarchs' money and is appointing editors who are working for oligarchs
Brian Kernighan, "Only Third to Dennis Richie and Ken Thompson" (UNIX), Agreed With Someone Who Said Rust Was Just Hype, Should Not Replace C
17 hours ago
Reminder: Microsoft's "Secure Boot" Certificate for "Linux" Will be Expired in One Week
Many PCs won't manage to 'rotate' to another certificate
"Many of the Red Hat Employees Are Still Looking for Work"
Shame on IBM's CEO
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, September 04, 2025
IRC logs for Thursday, September 04, 2025
Microsoft Started With Code Literally From The Trash, Nothing Has Improved Since
The reality is, there are systems and code that are reliable. But they're not Microsoft's.
Hypothesis That New McKinsey/Microsoft Executive Inside Red Hat Will Outsource Research and Development Operations to India (Like They Do in IBM)
IBM is floundering
Slopwatch: Scams, Fake Articles About "Linux", Plagiarism, and Worse
Perhaps some time soon the LLMs or the "Big LLMs" will run out of money (to borrow) and go offline, leaving those slopfarms in a tough place