It also deploys an HTTP downloader that communicates with the command-and-control server and can load further user-mode or kernel-mode payloads. The primary objective of BlackLotus once installed is to deploy a kernel driver that protects the bootkit against attempts to remove it. The bootkit has still been able to exploit the vulnerability after the January fix because the validly signed binaries have not yet been added to the UEFI revocation list, the mechanism used to revoke the digital certificates of UEFI drivers.

Due to the complexity of the whole UEFI ecosystem and its related supply-chain problems, many UEFI vulnerabilities have left systems exposed long after the vulnerabilities were fixed, according to ESET.
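The revocation mechanism the paragraph refers to is the Secure Boot forbidden-signature database (dbx), stored as a sequence of EFI_SIGNATURE_LIST structures. The following Python example is added here and is not code from the article or from ESET; it parses that format and checks whether a given PE image hash has been revoked. The sample dbx and hashes are constructed for the demonstration, and the Linux efivarfs path is an assumption about where the live variable is exposed.

```python
import struct
import uuid
import hashlib

# EFI_CERT_SHA256_GUID marks entries that revoke one binary by the SHA-256 of its PE image
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# EFI_CERT_X509_GUID marks entries that revoke a whole signing certificate (not handled below)
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

def parse_signature_lists(blob):
    """Yield (signature_type, owner, signature_data) for every entry in a
    concatenation of EFI_SIGNATURE_LIST structures, i.e. the raw dbx contents."""
    off = 0
    while off < len(blob):
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 or off + list_size > len(blob):
            raise ValueError("truncated or corrupt EFI_SIGNATURE_LIST")
        sigs_start = off + 28 + hdr_size  # 16-byte GUID + three uint32 fields
        for pos in range(sigs_start, off + list_size, sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            yield sig_type, owner, blob[pos + 16:pos + sig_size]
        off += list_size

def is_revoked(dbx_blob, image_sha256):
    """True if the image hash appears in dbx as an EFI_CERT_SHA256 entry."""
    return any(t == EFI_CERT_SHA256_GUID and data == image_sha256
               for t, _, data in parse_signature_lists(dbx_blob))

def build_sha256_list(hashes, owner=uuid.UUID(int=0)):
    """Build one EFI_SIGNATURE_LIST of SHA-256 entries (used here to construct sample data)."""
    sig_size = 16 + 32  # SignatureOwner GUID + SHA-256 digest
    body = b"".join(owner.bytes_le + h for h in hashes)
    return EFI_CERT_SHA256_GUID.bytes_le + struct.pack("<III", 28 + len(body), 0, sig_size) + body

# Constructed sample: a dbx revoking two hypothetical loader images (not real BlackLotus hashes).
REVOKED_A = hashlib.sha256(b"constructed-revoked-loader-A").digest()
REVOKED_B = hashlib.sha256(b"constructed-revoked-loader-B").digest()
NOT_REVOKED = hashlib.sha256(b"constructed-still-trusted-loader").digest()
SAMPLE_DBX = build_sha256_list([REVOKED_A, REVOKED_B])

def read_linux_dbx(path="/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"):
    """Read the live dbx on Linux (assumed path); efivarfs prefixes 4 bytes of attributes."""
    with open(path, "rb") as f:
        return f.read()[4:]

if __name__ == "__main__":
    for name, h in [("loader A", REVOKED_A), ("trusted loader", NOT_REVOKED)]:
        print(name, "revoked" if is_revoked(SAMPLE_DBX, h) else "not in dbx")
```

Against a live system, replace SAMPLE_DBX with read_linux_dbx() and the hash with the Authenticode PE hash of the boot component being checked; a signed loader that is absent from dbx is exactly the situation the paragraph describes.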