HTMD Community | FIX BlackLotus Secure Boot Vulnerability | Detection and Remediation Scripts | Fixes from Microsoft @htmdcommunity | Uploaded 1 year ago | Updated 1 day ago
Let's understand how to FIX BlackLotus Secure Boot Vulnerability | Detection and Remediation Scripts | Fixes from Microsoft in this short video.
#msintune #sccm #configmgr #windows #windows11 #windows10
==
FIX Windows Boot Manager Vulnerability CVE-2023-24932 BlackLotus UEFI bootkit - https://www.anoopcnair.com/cve-2023-24932-windows-boot-manager-blacklotus/
==
Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign - https://www.microsoft.com/en-us/security/blog/2023/04/11/guidance-for-investigating-attacks-using-cve-2022-21894-the-blacklotus-campaign/
==
Published in Jan 2022 - Secure Boot Security Feature Bypass Vulnerability - https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21894
Published on May 9th 2023 - Secure Boot Security Feature Bypass Vulnerability - CVE-2023-24932 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932
==
KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 - https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d
==
KB5025885: Dealing with CVE-2023-24932 via Proactive Remediation & Configuration Items - https://garytown.com/kb5025885-dealing-cve-2023-24932-with-proactive-remediation-configuration-items
==
What System Administrators Need to Know About May’s KB5025885 Patches - https://patchtuesday.com/blog/critical-patches/may-update-kb5025885-bypass-flaw/
==
A sample script to extract and parse these logs is presented here, based on GitHub – mattifestation/TCGLogTools: a set of tools to retrieve and parse TCG measured boot logs - https://github.com/mattifestation/TCGLogTools
==
Microsoft Incident Response (previously known as the Microsoft Detection and Response Team – DART), through forensic analysis of devices infected with BlackLotus, has identified multiple opportunities for detection at several steps of its installation and execution process. The artifacts analyzed include:
Recently written bootloader files
Staging directory artifacts created
Registry keys modified
Windows Event log entries generated
Network behavior
Boot Configuration log entries generated
==
Hi there, let's talk about the BlackLotus UEFI bootkit, the associated vulnerability, and how to fix it. Do we need to re-image the entire device, or are there any other options, etc.? This is a Microsoft article that we are going to go through to understand what the detection processes and the remediation processes are, etc. There are some sample PowerShell scripts also given in this documentation from Microsoft; even registry keys and logs are available to determine whether this issue is impacting your organization's devices or not. There are community blog posts, including the HTMD Community blog post; all these details are available in the description of this video, so do check that out and decide how to proceed. Reimaging entire devices is not a person