CVE-2022-21894

Vulnerability Profile Updated a month ago
CVE-2022-21894, also known as "Baton Drop," is a Secure Boot bypass vulnerability in the Windows boot loader. Microsoft identified and patched it in January 2022. The flaw lets an attacker defeat the Secure Boot check during the device's startup sequence and take control of the endpoint in the earliest phase of boot, before the operating system and its defenses are running. The BlackLotus bootkit exploits this vulnerability, even on fully patched Windows 11 systems: to disable Secure Boot, BlackLotus deploys an older, still-vulnerable Windows boot loader and exploits Baton Drop through it. BlackLotus can therefore infect Windows machines that have Secure Boot enabled, evading one of the key protections on those systems. The continued exploitation of a vulnerability Microsoft patched in 2022 shows that applying patches promptly is necessary but not sufficient; defenders also need to stay alert to new attack vectors. Organizations are advised to keep systems up to date and to monitor for signs of intrusion, particularly during startup, where Baton Drop has its greatest effect.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Blacklotus (8 votes): BlackLotus is a malicious software (malware) that poses a significant threat to computer systems by exploiting vulnerabilities in the Unified Extensible Firmware Interface (UEFI) and Secure Boot processes. As of 2023, BlackLotus was confirmed to be an active UEFI bootkit, capable of bypassing securi
Baton Drop (4 votes): The Baton Drop vulnerability, designated CVE-2022-21894, is a flaw in the Windows boot loader that can be exploited to bypass Secure Boot - a security control that protects a Windows system during startup. This vulnerability was targeted by BlackLotus, a software threat that exploits two vulnerabili
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Microsoft
Vulnerability
Bootkit
Windows
Malware
ESET
Exploit
Loader
NSA
Rootkit
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the CVE-2022-21894 vulnerability was read from the document corpus below (this display is limited to 20 results).
CERT-EU (a year ago): Microsoft's bootkit patches offer 'false sense of security' against BlackLotus threat, NSA says
Flashpoint (a year ago): Tracking Patch Tuesday Vulnerabilities: May 2023
Securityaffairs (a year ago): Source code of the BlackLotus UEFI Bootkit was leaked on GitHub
BankInfoSecurity (a year ago): Microsoft Fixes BlackLotus Vulnerability, Again
CERT-EU (a year ago): Hacker's Playbook Threat Coverage Roundup: March 28, 2023
ESET (9 months ago): WeLiveSecurity
DARKReading (a year ago): Pernicious Rootkits Pose Growing Blight On Threat Landscape
CERT-EU (a year ago): Microsoft fixes three zero-days in May 2023 Patch Tuesday
DARKReading (a year ago): BlackLotus Secure Boot Bypass Malware Set to Ramp Up
BankInfoSecurity (a year ago): NSA Issues Remediation Guidance for BlackLotus Malware
CERT-EU (a year ago): BlackLotus bootkit patch may bring "false sense of security", warns NSA
CERT-EU (a year ago): Microsoft Patchday: Attackers gain system privileges on Windows
Securityaffairs (a year ago): BlackLotus is first bootkit bypassing UEFI Secure Boot on Win 11
CERT-EU (a year ago): NSA Releases Guide to Combat BlackLotus Malware
ESET (a year ago): Hunting down BlackLotus – Week in security with Tony Anscombe | WeLiveSecurity
CERT-EU (a year ago): BlackLotus UEFI malware source code has leaked on GitHub
CSO Online (a year ago): BlackLotus bootkit can bypass Windows 11 Secure Boot: ESET
CERT-EU (a year ago): Microsoft Will Take Nearly a Year To Finish Patching New 0-Day Secure Boot Bug - Slashdot
CERT-EU (a year ago): Microsoft's May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug
CERT-EU (a year ago): Microsoft fixes 38 flaws, including 3 zero-day vulnerabilities, with Patch Tuesday update