12 matches found
NSA Releases Guide to Combat Powerful BlackLotus Bootkit Targeting Windows Systems
The U.S. National Security Agency NSA on Thursday released guidance to help organizations detect and prevent infections of a Unified Extensible Firmware Interface UEFI bootkit called BlackLotus. To that end, the agency is recommending that "infrastructure owners take action by hardening user...
Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign
This guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via a Unified Extensible Firmware Interface UEFI bootkit called BlackLotus. UEFI bootkits are particularly dangerous as they run at computer...
Exploit for Incorrect Authorization in Microsoft
PoC exploit for CVE-2022-21894, a vulnerability in a Windows ker...
CVE-2022-21894
creationtimestamp| type| source ---|---|--- 2022-01-12 00:17:56+00:00| seen| https://t.me/cibsecurity/35295 2022-08-18 13:42:44+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/2984 2022-08-18 15:53:26+00:00| seen| https://t.me/crackcodes/1040 2022-08-18 15:56:07+00:00| seen|...
CVE-2022-21894
Secure Boot Security Feature Bypass Vulnerability...
CVE-2022-21894
Secure Boot Security Feature Bypass Vulnerability...
CVE-2022-21894 Secure Boot Security Feature Bypass Vulnerability
...
CVE-2022-21894
CVE-2022-21894 is a Secure Boot security feature bypass exploited by the BlackLotus UEFI bootkit. It bypasses Secure Boot to load malicious EFI components, enabling persistence, disabling HVCI and Defender, and prior to OS load. Attack requires elevated privileges or physical access; bootkit impl...
CVE-2022-21894 Secure Boot Security Feature Bypass Vulnerability
...
KB5009595: Windows 8.1 and Windows Server 2012 R2 Security Updates (January 2022)
The remote Windows host is missing security update 5009595 or cumulative update 5009624. It is, therefore, affected by multiple vulnerabilities: - A denial of service DoS vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services...
KB5009543: Windows 10 Version 20H2 / 21H1 / 21H2 Security Update (January 2022)
The remote Windows host is missing security update 5009543. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2022-21849, CVE-2022-21850,...
KB5009557: Windows 10 Version 1809 and Windows Server 2019 Security Update (January 2022)
The remote Windows host is missing security update 5009557. It is, therefore, affected by multiple vulnerabilities: - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. CVE-2022-21836 - A denial of service DoS vulnerabilit...