Microsoft issued an optional patch Tuesday as part of its monthly dump of fixes that addresses for the second time a Secure Boot zero-day vulnerability exploited by BlackLotus UEFI malware.

In all, the Redmond giant pushed out 38 security fixes in its May patch cycle, addressing three zero-day flaws – two of which are under active exploitation, including the UEFI flaw – and six bugs rated critical.

Security researchers earlier this year spotted the BlackLotus bootkit for sale on hacker forums for $5,000. BlackLotus was the first known example of malware capable of defeating the computing industry standard for ensuring only trusted operating systems can boot up a device. It exploited a vulnerability Microsoft patched in 2022 tracked as CVE-2022-21894 (see: BlackLotus Malware Bypasses Secure Boot on Windows Machines).