PT-2022-15180 · Microsoft · Windows Server 2016 +6
Zammis Clark · Published 2022-01-11 · Updated 2025-09-14 · CVE-2022-21894
CVSS v2.0 base score: 4.9 (Medium)
Base vector: AV:L/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions
Microsoft Windows versions prior to the fixed version
Microsoft Windows 10 versions 1607, 1809, 1909, 20h2, 21h1, 21h2
Microsoft Windows 11
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Description
A security-feature bypass vulnerability in Secure Boot allows a local attacker to circumvent the Secure Boot protection. The vulnerability is exploited by the BlackLotus UEFI bootkit, which takes control of the operating system loading process, disables security mechanisms such as HVCI and BitLocker, and installs additional malicious software. The bootkit also enrolls its own MOK (Machine Owner Key) in the MokList NVRAM variable, which lets it use a legitimate Microsoft-signed boot component to launch its own self-signed bootkit.
Recommendations
For Microsoft Windows 10 versions 1607, 1809, 1909, 20h2, 21h1, 21h2, update to a newer version that contains a fix for this vulnerability.
For Microsoft Windows 11, update to a newer version that contains a fix for this vulnerability.
For Microsoft Windows 8.1, update to a newer version that contains a fix for this vulnerability.
For Microsoft Windows Server 2012, update to a newer version that contains a fix for this vulnerability.
For Microsoft Windows Server 2016, update to a newer version that contains a fix for this vulnerability.
For Microsoft Windows Server 2019, update to a newer version that contains a fix for this vulnerability.
As a temporary workaround, consider disabling the Secure Boot feature until a patch is available.
Restrict access to the UEFI firmware settings to minimize the risk of exploitation.
Avoid using the MOK (Machine Owner Key) feature in the affected systems until the issue is resolved.
Exploit
Fix
Weakness Enumeration
Incorrect Authorization
Related Identifiers
CVE-2022-21894
Affected Products
Windows
Windows 10
Windows 11
Windows 8.1
Windows Server 2012
Windows Server 2016
Windows Server 2019
References · 32
- https://github.com/Wack0/CVE-2022-21894 · Exploit
- https://github.com/Wack0/batondrop_armv7 · Exploit
- https://github.com/ASkyeye/CVE-2022-21894-Payload · Exploit
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21894 · Vendor Advisory
- https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2022-21894 · Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-21894 · Security Note
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21894 · Security Note
- https://github.com/ldpreload/BlackLotus · Note
- https://t.me/aptreports/21991 · Telegram Post
- https://t.me/aptreports/2986 · Telegram Post
- https://t.me/club1337/1808 · Telegram Post
- https://t.me/freedomf0x/19454 · Telegram Post
- https://t.me/aptreports/4464 · Telegram Post
- https://t.me/echeloneyes/1242 · Telegram Post
- https://t.me/breachdetector/214536 · Telegram Post