Researchers found BlackLotus uses year old vulnerability and can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled.

Want Windows 11 but have an unsupported computer? Here's how to install Windows 11 even if your PC doesn't meet the minimum requirements.

Security researchers uncovered a flaw in Windows 11 that allows attackers to disable Secure Boot using Microsoft-signed tools, requiring manual updates to protect against bootkits.

However, attackers nevertheless found a way. Secure Boot was defeated to inject boot-level payloads by exploiting a vulnerability that Microsoft patched back in Jan. 2022, namely CVE-2022-21894.

All UEFI systems with Microsoft third-party UEFI signing enabled are affected (Windows 11 Secured-core PCs should have this option disabled by default).