opkdealer.blogg.se

Patchmy

Automating Deployment of a Patch My PC Publisher VM.

If you have a Microsoft Technical Account Manager (TAM) or Customer Success Account Manager (CSAM), I recommend contacting them to ‘encourage’ them to do so.

How to host the Patch My PC Publisher on a virtual machine in Microsoft Azure, including costs, to provision applications into Microsoft Intune.

However, Microsoft has yet to commit to providing a new Windows PE release for the Windows ADK that includes the needed updates. Then, in the first quarter of 2024, Microsoft plans to release updates that enforce this protection on all devices, making it mandatory. In July, they plan to begin a second phase by providing an automated method to enable Safe Boot protection and update existing Recovery Partitions. Any full-disk backups or system restore points without May’s security updates may no longer boot on devices that have been protected.

As they’ve done in the past for significant breaking changes like this, these security updates represent Microsoft’s initial phase of solving the problem. Second, internally discuss whether the risks posed by BlackLotus outweigh the challenges involved in rolling out the changes needed to be protected. Anything that gets infected needs to be nuked and paved.

First, apply May’s security updates. Note that neither May’s security updates nor the proactive steps below to protect against BlackLotus will fix an infected machine. If that’s what you’re already doing, then BlackLotus isn’t unique in that regard. How bad that is depends on your standard operating procedures for virus mitigation. In addition, as BlackLotus modifies the UEFI configuration stored in NVRAM, you may also need to wipe or reconfigure this to remove all traces. Microsoft’s current remediation (here) is to wipe the entire drive to remove all partitions. That being said, the remediation steps here are not pretty. BlackLotus becomes one of an infinite number of bad things a local administrator could install or do.


In practice, this means your user needs to be a local administrator to install it. While BlackLotus is considered to have a low attack complexity and does not require user interaction, the vulnerability requires administrative rights. Microsoft has assigned this a CVSS base score of 6.7, which isn’t great but isn’t earth-shattering.












