Microsoft Releases Guidance for the BlackLotus Campaign - 20230413006

Overview

Microsoft has released guidance for investigating BlackLotus Campaign attacks.

What is the vulnerability?

CVE-2022-21894 - Secure Boot Security Feature Bypass Vulnerability

What is vulnerable?

The vulnerability affects multiple Microsoft products. For a comprehensive list of affected products, refer Microsoft Security Update Guide.

Guide for investigating BlackLotus campaign attacks can be found here.

What has been observed?

CISA has listed this vulnerabilty in their Known Exploited Vulnerabilties Catalog

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected products/devices.