BlackLotus, CVE-2022-21894, CVE-2023-24932: Does WinRE need to be updated manually?

Martin Fessler 11 Reputation points
2023-08-10T21:31:52.33+00:00

Hello,

Does WinRE have to be updated manually with the latest Windows Safe OS Dynamic Update to fix the BlackLotus (CVE-2022-21894, CVE-2023-24932) vulnerability, as was the case for the BitLocker vulnerability (CVE-2022-41099), or is it (or was it already?) done automatically by a monthly rollup?

Btw... in my opinion something like this should be patched automatically!
Features like BitLocker (I just say "automatic encryption on modern devices") and Secure Boot (Windows 11) are practically "forced" on the end customers, and then Microsoft expects that the average Joe tracks CVEs, KBs... and manually patches stuff like that using DISM or PS scripts... really?

Thanks and greetings,
Martin


1 answer

  1. 2023-09-20T07:49:58.2666667+00:00

    Hello

    The BlackLotus vulnerability (CVE-2022-21894) and the related vulnerability (CVE-2023-24932) are indeed serious issues that Microsoft has been addressing. These vulnerabilities affect the Unified Extensible Firmware Interface (UEFI) and can be exploited via a bootkit called BlackLotus.

    To mitigate these vulnerabilities, Microsoft has released updates and provided guidance on how to investigate attacks using these vulnerabilities. However, it’s important to note that applying these updates to the Windows Recovery Environment (WinRE), also known as “Safe OS”, requires manual steps. This is similar to the process required for the BitLocker vulnerability (CVE-2022-41099).

    Microsoft has provided scripts and guidance on how to manually update WinRE to address these vulnerabilities. However, I understand your concern. It would indeed be more user-friendly if such critical updates were applied automatically.

    KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 - Microsoft Support

    PowerShell Script To Update WinRE On Windows To Fix BitLocker Vulnerability CVE-2022-41099 - HTMD Blog (anoopcnair.com)
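
The manual WinRE servicing step the answer refers to, as an added example that is not code from the thread, from Microsoft or from the linked blog: it locates the active recovery image via `reagentc /info`, records its build, applies the Safe OS Dynamic Update with the DISM cmdlets and commits. It assumes an elevated session, English `reagentc` output (the "Windows RE location" label is matched literally), that `$SafeOsDuCab` points to a Safe OS DU `.cab` already downloaded for the installed Windows build (the path below is a placeholder), and that `$MountDir` is an empty scratch directory.

```powershell
#Requires -RunAsAdministrator
# Assumptions (not from the thread): the Safe OS Dynamic Update .cab for this
# Windows build has already been downloaded to $SafeOsDuCab (placeholder path);
# $MountDir is an empty scratch directory; reagentc prints English labels.
param(
    [string]$SafeOsDuCab = 'C:\Patch\SafeOS-DU-PLACEHOLDER.cab',
    [string]$MountDir    = 'C:\WinRE_Mount'
)

# 1. Locate the active WinRE image. Only an enabled WinRE reports a location;
#    a disabled one has to be re-enabled (reagentc /enable) before servicing.
$location = $null
foreach ($line in (reagentc /info)) {
    if ($line -match 'Windows RE location:\s*(\S.*)$') { $location = $Matches[1].Trim(); break }
}
if (-not $location) { throw 'WinRE is not enabled or its location could not be read.' }
$wim = Join-Path $location 'winre.wim'   # \\?\GLOBALROOT\device\... path is accepted by DISM

# 2. Record the image build before patching so the change can be verified afterwards.
$before = Get-WindowsImage -ImagePath $wim -Index 1
Write-Host "WinRE before: $($before.Version) SP build $($before.SPBuild)"

if (-not (Test-Path $SafeOsDuCab)) { throw "Safe OS DU package not found: $SafeOsDuCab" }
New-Item -ItemType Directory -Path $MountDir -Force | Out-Null

# 3. Mount, apply the Safe OS DU, commit. On any error discard the mount so a
#    half-applied package is never written back into the recovery image.
Mount-WindowsImage -ImagePath $wim -Index 1 -Path $MountDir | Out-Null
try {
    Add-WindowsPackage -Path $MountDir -PackagePath $SafeOsDuCab | Out-Null
    Dismount-WindowsImage -Path $MountDir -Save | Out-Null
} catch {
    Dismount-WindowsImage -Path $MountDir -Discard | Out-Null
    throw
}

# 4. Re-read the image; the service-pack build should now reflect the applied DU.
$after = Get-WindowsImage -ImagePath $wim -Index 1
Write-Host "WinRE after:  $($after.Version) SP build $($after.SPBuild)"
if ($after.SPBuild -eq $before.SPBuild) {
    Write-Warning 'WinRE build unchanged: the DU may already be present or may not match this image.'
}
```

Comparing the `SPBuild` values before and after is the check that distinguishes a WinRE that was actually serviced from one that was merely mounted and dismounted.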

