Microsoft has released a fix for a Secure Boot bypass vulnerability that allowed threat actors to deploy the BlackLotus bootkit (opens in new tab) to target endpoints – however, the update will be sitting idly on computers for months before it actually gets used, as its application is somewhat complicated.The original vulnerability is tracked as CVE-2022-21894, and that one was patched in early 2023. However, hackers soon found ways to work around the patch and still deploy BlackLotus on
…
Read more