IMPORTANT You should apply the Windows security update released on or after July 9, 2024, as part of your regular monthly update process.
CAUTION After the mitigation for this issue is enabled on a device, meaning the mitigations have been applied, it cannot be reverted if you continue to use Secure Boot on that device. Even reformatting of the disk will not remove the revocations if they have already been applied. Please be aware of all the possible implications and test thoroughly before you apply the revocations that are outlined in this article to your device.
Summary
This article describes the protection against the publicly disclosed Secure Boot security feature bypass that uses the BlackLotus UEFI bootkit tracked by CVE-2023-24932, how to enable the mitigations, and guidance on bootable media. A bootkit is a malicious program that is designed to load as early as possible in a devices boot sequence to control the operating system start…
