A January 2022 patch fixed flaws used by Windows UEFI bootkit BlackLotus, but PCs are at risk as Microsoft hasn’t put vulnerable binaries on a revocation list (Dan Goodin/Ars Technica)

Dan Goodin / Ars Technica:
A January 2022 patch fixed flaws used by Windows UEFI bootkit BlackLotus, but PCs are at risk as Microsoft hasn’t put vulnerable binaries on a revocation list  —  BlackLotus represents a major milestone in the continuing evolution of UEFI bootkits.  —  Researchers on Wednesday announced …