
On Tue, 7 Mar 2023 09:53:23 +1300, Peter Reutemann quoted:
'Researchers have announced a major cybersecurity find -- the world's first-known instance of real-world malware that can hijack a computer's boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows.'
From the article <https://arstechnica.com/information-technology/2023/03/unkillable-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw/>:
Despite Microsoft releasing new patched software, the vulnerable signed binaries have yet to be added to the UEFI revocation list that flags boot files that should no longer be trusted. Microsoft has not explained the reason, but it likely has to do with hundreds of vulnerable bootloaders that remain in use today. If those signed binaries are revoked, millions of devices will no longer work. As a result, fully updated devices remain vulnerable because attackers can simply replace patched software with the older, vulnerable software.

What’s the point of having a revocation list, if you cannot actually revoke anything?