Andrew 🌻 Brandt 🐇<p><a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> does it again on <a href="https://infosec.exchange/tags/PatchTuesday" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PatchTuesday</span></a> with a flawless victory against the forces of...bootable media?</p><p>That includes any emergency boot disks, recovery partitions created by the OEM that makes your computer, recovery partitions you made prior to today, bootable media from third parties including emergency recovery tools.</p><p>On the one hand, the CVE-2023-24932 bug seems really bad. UEFI malware that inserts itself at a lower level than Secure Boot? It's incredibly dangerous. [Edit: changed "but" to "bug"]</p><p>On the other hand, it's also extremely rare and unlikely to affect most users. Meanwhile, the thing that does affect many Windows users is crashes that cause the computer not to be able to boot.</p><p>And now, the <a href="https://infosec.exchange/tags/KB5025885" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KB5025885</span></a> patch removes the one safety net under the high wire. Now you get to go wild and free and maybe...your computer falls to its death. </p><p>Ai yi yi, I am normally the guy who tells you to apply these important patches right away, and this has me questioning that advice.</p><p>If you decide that you need to do this, you probably need to find another method of creating a bootable backup of your system drive, just in case something goes wrong. 
I use an NVMe drive and have an external backup device that lets me clone from my main drive to a second NVMe drive, but that's a highly specialized set of tools and it's not cheap or easy.</p><p>This whole situation seems like something that could have been handled a lot better by our friends in the MSRC.</p><p><a href="https://infosec.exchange/tags/CVE202324932" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE202324932</span></a> #24932 <a href="https://infosec.exchange/tags/UEFI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UEFI</span></a> <a href="https://infosec.exchange/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a> <a href="https://infosec.exchange/tags/BlackLotus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BlackLotus</span></a> <a href="https://infosec.exchange/tags/patch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>patch</span></a> <a href="https://infosec.exchange/tags/Windowsupdate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windowsupdate</span></a> </p><p><a href="https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d#install5025885" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">support.microsoft.com/en-us/to</span><span class="invisible">pic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d#install5025885</span></a></p>