Brief information for administrators in the Windows environment. A reader just informed me that Windows update KB5012170 has been re-released in WSUS. This update was released on Patchday, August 9, 2022, to fix issues in Secure Boot DBX. However, it caused significant issues with BitLocker for some users, up to and including systems no longer booting.
KB5012170 re-released in WSUS.
It was a short mail from blog reader Jan V. that reached me today (10/17/2022) informing me about a specific observation (thanks for pointing it out). Jan wrote:
You had already reported about KB5012170 on 12/08/2022. I noticed today in our WSUS that there is a new revision for (still supported) Windows 10 versions.
On 13.10. or 14.10.2022 the revision 201 (with revision date 09.08.2022?!) has been synchronized within our WSUS.
I have not yet been able to take care of the content, apparently nothing came up with us this morning at the start (after the installation on the "Patchday PCs" on the last weekend).
Jan noted that he could not find anything about the new revision 201 in the KB articles at Microsoft. There is probably also still nothing about it on the Internet, so it is unclear whether Microsoft changed only metadata or also the contents.
Secure Boot DBX update KB5012170
I had reported about this update on patchday, August 9, 2022, in the blog post Windows Security Update KB5012170 for Secure Boot DBX (August 9, 2022). It is a security update for the Secure Boot module, which can be used by Windows on UEFI machines. It is intended to fix a vulnerability that allows security features to be bypassed during secure boot. An attacker who successfully exploited this vulnerability could bypass the secure boot process and load untrusted software. The update affects all versions of Windows that are still in support.
Shortly after the security update was released, however, user feedback on my blogs increasingly pointed to real problems. The security update for the Secure Boot module, which is supposed to prevent exploitation of vulnerabilities, triggers BitLocker key prompts when booting a machine for some users. Others get installation errors, and for some users the screen remains dark. I had reported about this in the blog post Update KB5012170 for Secure Boot DBX causes Bitlocker issues. Administrators should therefore hold off on releasing the update in WSUS until it is clear what the revision contains.
Similar articles:
Windows Security Update KB5012170 for Secure Boot DBX (August 9, 2022)
Update KB5012170 for Secure Boot DBX causes Bitlocker issues
Same SHA256 between both versions, maybe they fixed something in the latest Cumulative that permitted to re-release that one
hi guenni.
there's also a Win11 22H2 version of the KB5012170 update that has been recently pushed by MS that might be causing problems on 22H2 for Win11 as noted by Neowin:
https://www.neowin.net/news/microsoft-pushes-windows-11-22h2-secure-boot-dbx-update-thats-known-to-be-bug-ridden/