{"id":26183,"date":"2022-08-12T06:16:38","date_gmt":"2022-08-12T04:16:38","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=26183"},"modified":"2022-08-12T09:48:44","modified_gmt":"2022-08-12T07:48:44","slug":"windows-sicherheitsupdate-kb5012170-fr-secure-boot-dbx-9-august-2022","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/08\/12\/windows-sicherheitsupdate-kb5012170-fr-secure-boot-dbx-9-august-2022\/","title":{"rendered":"Windows Security Update KB5012170 for Secure Boot DBX (August 9, 2022)"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline; border-width: 0px;\" title=\"Update\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/06\/Update-01.jpg\" alt=\"Update\" align=\"left\" border=\"0\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2022\/08\/12\/windows-sicherheitsupdate-kb5012170-fr-secure-boot-dbx-9-august-2022\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Another short addendum from patchday, August 9, 2022. A security update for the Secure Boot module was also provided there by Microsoft. It is a security update for the Secure Boot (DBX) that can be used by Windows on UEFI machines. The update affects all versions of Windows that are still in support. 
<strong>Addendum:<\/strong> Some users are facing an install error 0x800f0922.<\/p>\n<p>An anonymous blog reader pointed out security update <a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/kb5012170-security-update-for-secure-boot-dbx-august-9-2022-72ff5eed-25b4-47c7-be28-c42bd211bb15\">KB5012170<\/a> (Security update for Secure Boot DBX: August 9, 2022) in <a href=\"https:\/\/www.borncity.com\/blog\/2022\/08\/10\/patchday-windows-10-updates-9-august-2022\/#comment-130382\" target=\"_blank\" rel=\"noopener\">this comment<\/a>. Here is some information about it.<\/p>\n<h2>Background to update KB5012170<\/h2>\n<p>Windows devices with UEFI (Unified Extensible Firmware Interface)-based firmware can be operated with Secure Boot enabled. The Secure Boot Forbidden Signature Database (DBX) prevents UEFI modules listed in it from loading. The security update <a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/kb5012170-security-update-for-secure-boot-dbx-august-9-2022-72ff5eed-25b4-47c7-be28-c42bd211bb15\" target=\"_blank\" rel=\"noopener\">KB5012170<\/a> (Security update for Secure Boot DBX: August 9, 2022) brings improvements to the Secure Boot DBX for the supported Windows versions by adding new modules to the DBX.<\/p>\n<p>The reason for this addition: a security feature bypass vulnerability exists in Secure Boot. An attacker who successfully exploited this vulnerability could bypass Secure Boot and load untrusted software. 
Details about this vulnerability can be found in the following documents:<\/p>\n<ul>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/ADV200011\" target=\"_blank\" rel=\"noopener\">ADV200011 | Microsoft Guidance for Addressing Security Feature Bypass in GRUB<\/a><\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-34301\" target=\"_blank\" rel=\"noopener\">CVE-2022-34301 | Eurosoft Boot Loader Bypass<\/a><\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-34302\" target=\"_blank\" rel=\"noopener\">CVE-2022-34302 | New Horizon Data Systems Inc Boot Loader Bypass<\/a><\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-34303\" target=\"_blank\" rel=\"noopener\">CVE-2022-34303 | Crypto Pro Boot Loader Bypass<\/a><\/li>\n<\/ul>\n<h2>Affected Windows versions<\/h2>\n<p>Security update <a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/kb5012170-security-update-for-secure-boot-dbx-august-9-2022-72ff5eed-25b4-47c7-be28-c42bd211bb15\">KB5012170<\/a> is available for the following Windows versions when installed on UEFI hardware.<\/p>\n<ul>\n<li>Windows Server 2012<\/li>\n<li>Windows 8.1 and Windows Server 2012 R2<\/li>\n<li>Windows 10, version 1507<\/li>\n<li>Windows 10, version 1607 and Windows Server 2016<\/li>\n<li>Windows 10, version 1809 and Windows Server 2019<\/li>\n<li>Windows 10, version 20H2<\/li>\n<li>Windows 10, version 21H1<\/li>\n<li>Windows 10, version 21H2<\/li>\n<li>Windows Server 2022<\/li>\n<li>Windows 11, version 21H2 (original release)<\/li>\n<li>Azure Stack HCI, version 1809<\/li>\n<li>Azure Stack Data Box, version 1809 (ASDB)<\/li>\n<\/ul>\n<p>Windows 7 or 32-bit Windows versions are not supported. 
The update is deployed via Windows Update, via WSUS, in the Microsoft Update Catalog, and via Windows Update for Business.<\/p>\n<h2>What to note<\/h2>\n<p>If you want to install the update, you should read the notes in <a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/kb5012170-security-update-for-secure-boot-dbx-august-9-2022-72ff5eed-25b4-47c7-be28-c42bd211bb15\">KB5012170<\/a>. Some original equipment manufacturer (OEM) firmware may not allow installation of this update. Contact your firmware OEM to resolve this issue.<\/p>\n<blockquote><p><strong>Addendum:<\/strong> Some users are facing an install error 0x800f0922. I have two cases reported by German blog readers &#8211; another thread may be found <a href=\"https:\/\/answers.microsoft.com\/en-us\/windows\/forum\/all\/error-0x800f0922-when-installing-windows-update\/5a8092a8-8f42-4451-ac1a-db2ca397096d\" target=\"_blank\" rel=\"noopener\">here<\/a>. The reason could be a system reserved partition that's too small. And there are cases where the manufacturer of the main board (OEM) \/ firmware maker has to be contacted, because the update can't be installed. In the MS Answers forum there is a <a href=\"https:\/\/answers.microsoft.com\/en-us\/windows\/forum\/all\/error-0x800f0922-when-installing-windows-update\/5a8092a8-8f42-4451-ac1a-db2ca397096d\" target=\"_blank\" rel=\"noopener\">thread<\/a> where a user solved it. He ran the system in BIOS mode, but the update had been offered (although it is not applicable in BIOS mode).<\/p><\/blockquote>\n<p>Care should also be taken if the BitLocker group policy \"Configure TPM platform validation profile for native UEFI firmware configurations\" is enabled and PCR7 is selected by policy. This may cause BitLocker to require the recovery key on some devices where PCR7 binding is not possible. 
Details can be found in the KB post.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Another short addendum from patchday, August 9, 2022. A security update for the Secure Boot module was also provided there by Microsoft. 
It is a security update for the Secure Boot (DBX) that can be used by Windows on UEFI &hellip; <a href=\"https:\/\/borncity.com\/win\/2022\/08\/12\/windows-sicherheitsupdate-kb5012170-fr-secure-boot-dbx-9-august-2022\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,22],"tags":[2738,69,195],"class_list":["post-26183","post","type-post","status-publish","format-standard","hentry","category-security","category-update","tag-patchday-8-2022","tag-security","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/26183","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=26183"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/26183\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=26183"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=26183"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=26183"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}