CVE-2022-21894

Vulnerability updated 7 months ago (2024-05-04T17:20:45.677Z)
CVE-2022-21894, also known as "Baton Drop," is a Secure Boot bypass vulnerability in the Windows boot loader that affects Windows machines. Microsoft identified and patched it in January 2022. The flaw bypasses a security feature of the device's startup process, Secure Boot, and so lets a malicious actor gain control of an endpoint during the early phase of boot. The BlackLotus malware exploits this vulnerability, even on fully patched Windows 11 systems: its bootkit exploits Baton Drop by deploying an older, vulnerable Windows boot loader and uses it to disable Secure Boot. BlackLotus can therefore infect Windows machines that have Secure Boot enabled, evading one of the key security measures on those systems. Although Microsoft has released a patch, the continued exploitation of this vulnerability shows that applying patches promptly is necessary but not sufficient; organizations must also stay alert to new attack vectors. Organizations are advised to keep their systems up to date and to monitor for signs of intrusion, particularly during the device's startup process, where the Baton Drop vulnerability has its greatest effect.
Description last updated: 2024-05-04T16:23:04.912Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.

- BlackLotus (8 votes): Blacklotus is a possible alias for CVE-2022-21894. BlackLotus is a harmful malware that targets the Unified Extensible Firmware Interface (UEFI) and Secure Boot systems, exploiting their vulnerabilities to gain persistent kernel access and privileges. It was first detected in 2022 when security researchers discovered a UEFI bootkit being sold on hac
- Baton Drop (4 votes): Baton Drop is a possible alias for CVE-2022-21894. The Baton Drop vulnerability, designated CVE-2022-21894, is a flaw in the Windows boot loader that can be exploited to bypass Secure Boot, a security control that protects a Windows system during startup. This vulnerability was targeted by BlackLotus, a software threat that exploits two vulnerabili
Miscellaneous Associations
Other elements of context that could aid in identifying relevance:

- Microsoft
- Bootkit
- Vulnerability
- Windows
- Malware