CVE-2022-21894
Published 2022-01-11
CVE-2022-21894: Secure Boot Security Feature Bypass Vulnerability
Medium 4.4
ITW
Exploited in the wild
Secure Boot Security Feature Bypass Vulnerability
Affected
31 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.19177 | 10.0.10240.19177 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.4886 | 10.0.14393.4886 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.2452 | 10.0.17763.2452 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.2452 | 10.0.17763.2452 |
| microsoft | windows_10_version_1909 | >= 10.0.0 < 10.0.18363.2037 | 10.0.18363.2037 |
| microsoft | windows_10_version_20h2 | >= 10.0.0 < 10.0.19042.1466 | 10.0.19042.1466 |
| microsoft | windows_10_version_21h1 | >= 10.0.0 < 10.0.19043.1466 | 10.0.19043.1466 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.1466 | 10.0.19044.1466 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.434 | 10.0.22000.434 |
| microsoft | windows_8.1 | >= 6.3.0 < 6.3.9600.20246 | 6.3.9600.20246 |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.23584 | 6.2.9200.23584 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.20246 | 6.3.9600.20246 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.4886 | 10.0.14393.4886 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.2452 | 10.0.17763.2452 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.469 | 10.0.20348.469 |
| microsoft | windows_server_version_20h2 | >= 10.0.0 < 10.0.19042.1466 | 10.0.19042.1466 |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_1909 | — | — |
| msrc | windows_10_version_20h2 | — | — |
| msrc | windows_10_version_21h1 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_11_version_21h2 | — | — |
| msrc | windows_8.1 | — | — |
CVSS provenance
cvelistv5: 4.4 MEDIUM
vulncheck: 4.4 MEDIUM
GHSA
GHSA-q5c9-xwjv-3hcq: Secure Boot Security Feature Bypass Vulnerability
ghsa_unreviewed·2022-01-12
CVE-2022-21894 [MEDIUM] CWE-863 GHSA-q5c9-xwjv-3hcq: Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability.
CVEList
Secure Boot Security Feature Bypass Vulnerability
cvelistv5·2022-01-11·CVSS 4.4
CVE-2022-21894 [MEDIUM] Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
VulnCheck
Secure Boot Security Feature Bypass
vulncheck·2022·CVSS 4.4
CVE-2022-21894 [MEDIUM] Secure Boot Security Feature Bypass
Secure Boot Security Feature Bypass
Secure Boot Security Feature Bypass Vulnerability
Affected: Microsoft Windows
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/
https://www.binarly.io/blog/the-untold-story-of-the-blacklotus-uefi-bootkit
https://cisa.gov/news-events/alerts/2023/04/11/microsoft-releases-guidance-for-the-blacklotus-campaign
https://www.microsoft.com/en-us/security/blog/2023/04/11/guidance-for-investigating-attacks-using-cve-2022-21894-the-blacklotus-campaign
https://msrc.microsoft.com/blog/2023/05/guidance-related-to-secure-boot-manager-changes-associated-
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2022-01-11·CVSS 4.4
CVE-2022-21894 [MEDIUM] Secure Boot Security Feature Bypass Vulnerability
Windows Secure Boot: Windows Secure Boot
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Security Feature Bypass
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older Software Release: Exploitation Less Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5009557
Reference: https://support.microsoft.com/help/5009557
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5009545
Reference: https://support.microsoft.com/help/5009545
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5009543
Reference: https://support.microsoft.com/help/5009543
Reference: https://catalog.update.microsoft.com/v7/site/Search.a
No detection rules found.
No public exploits indexed.
arXiv
SoK: Security Below the OS -- A Security Analysis of UEFI
arxiv_fulltext·2023-11-07
SoK: Security Below the OS -- A Security Analysis of UEFI
Priyanka Prakash Surve¹, Oleg Brodt¹, Mark Yampolskiy², Yuval Elovici¹, Asaf Shabtai¹
¹ Software and Information Systems Engineering, Ben Gurion University of the Negev
² Computer Science and Software Engineering, Auburn University
Microsoft
Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign
blogs_microsoft·2023-04-11·CVSS 4.4
[MEDIUM] Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign
Research
April 11, 2023
Crowdstrike
May 2023 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] May 2023 Patch Tuesday: Updates and Analysis