SecurityWeek reports that 40 new vulnerabilities, including two zero-days, have been fixed by Microsoft as part of this month's Patch Tuesday.
The BlackLotus UEFI bootkit has exploited one of the addressed zero-day flaws, tracked as CVE-2023-24932, a bypass of the Secure Boot feature that could be leveraged for self-signed code execution at the UEFI level.
While this month's fix has not completely resolved the bug, which requires boot manager revocations, Microsoft will be enabling automated revocation file deployment in July's Patch Tuesday and enforcing the revocations beginning in the first quarter of 2024.
"The May 9, 2023, security update provides configuration options to manually enable protections for the Secure Boot bypass but these protections are not enabled automatically. Before you enable these protections, you must verify your devices and all bootable media are updated and ready for this security hardening change," said Microsoft.
Meanwhile, the Win32k driver was found to be impacted by the other zero-day, tracked as CVE-2023-29336, which could be exploited to gain SYSTEM privileges. Other critical remote code execution bugs have also been addressed in Windows OLE, Windows Pragmatic General Multicast, and Windows Network File System, tracked as CVE-2023-29325, CVE-2023-24943, and CVE-2023-24941, respectively.