Patch Awareness – NSA’s BlackLotus Mitigation Guide Addresses Recent Confusion Over Protections

The NSA has shared another Cybersecurity Information Sheet that addresses vulnerabilities in embedded computing functions. Earlier this month, it published joint guidance on Hardening Baseboard Management Controllers (BMCs). Last week, the NSA released the BlackLotus Mitigation Guide to help system administrators protect against BlackLotus, a vulnerability (CVE-2022-21894) that takes advantage of a boot loader flaw in supported versions of Microsoft Windows.

System administrators are encouraged to review the guidance carefully to confirm proper mitigations are in place.

The NSA guide provides an overview of recommended actions to detect and prevent malicious activities associated with BlackLotus. However, there has been some confusion since Microsoft’s addressing of the vulnerability in May’s Patch Tuesday. While Microsoft did provide new configuration options to protect against BlackLotus (and Baton Drop, a separate vulnerability), they are not enabled by default as system administrators are urged to verify devices are ready for the patch beforehand. This has created a situation where some organizations believe they are safe from BlackLotus just because they have applied the patch. The NSA urges organizations to confirm that these optional protections have been manually enabled for their devices, and carefully review the list of further mitigations and the FAQ. Read more at SC Magazine.