Secure Boot

Winsage
February 12, 2025
Windows 10 will reach its end of life on October 14, 2025, after which Microsoft will stop providing free updates and security patches. Users' options are to move to Windows 11 by purchasing a new laptop with it pre-installed, to opt for Extended Security Updates (ESUs) for older machines, or to upgrade existing devices. Windows 11 has specific system requirements, including a Trusted Platform Module (TPM) version 2.0. Microsoft warns that installing Windows 11 on incompatible hardware will result in a watermark and operational issues. A PC Health Check tool is available to assess device compatibility with Windows 11. The minimum requirements for running Windows 11 include a 1 GHz processor with 2 or more cores, 4 GB RAM, 64 GB storage, UEFI firmware with Secure Boot, TPM 2.0, a DirectX 12 compatible graphics card, and a high-definition display.
Winsage
February 12, 2025
Microsoft's February Patch Tuesday update addresses 61 vulnerabilities, including 25 critical Remote Code Execution (RCE) vulnerabilities. Three of these are zero-days, actively exploited before the update:

1. CVE-2023-24932: Secure Boot security feature bypass requiring physical access or administrative rights.
2. CVE-2025-21391: Windows Storage elevation of privilege vulnerability that could lead to data deletion.
3. CVE-2025-21418: Vulnerability in Windows Ancillary Function Driver for WinSock allowing privilege escalation.

Critical vulnerabilities include:

- CVE-2025-21376: Windows LDAP RCE vulnerability.
- CVE-2025-21379: RCE vulnerability in DHCP Client Service.
- CVE-2025-21381: RCE vulnerability in Microsoft Excel.

The update also addresses additional vulnerabilities related to remote code execution, elevation of privilege, denial of service, security feature bypass, spoofing, and information disclosure across various Microsoft products. Microsoft advises immediate application of the updates to mitigate risks.
Winsage
February 12, 2025
Microsoft released its February 2025 Patch Tuesday security updates, addressing over 61 vulnerabilities across its products. The updates include:

- 25 Remote Code Execution vulnerabilities
- 14 Elevation of Privilege vulnerabilities
- 6 Denial of Service vulnerabilities
- 4 Security Feature Bypass vulnerabilities
- 2 Spoofing vulnerabilities
- 1 Information Disclosure vulnerability

Notable critical vulnerabilities include:

- CVE-2025-21376: Remote code execution risk via the LDAP protocol.
- CVE-2025-21379: Flaw in the DHCP client service allowing system compromise via crafted network packets.
- CVE-2025-21381, CVE-2025-21386, CVE-2025-21387: Multiple vulnerabilities in Microsoft Excel enabling code execution through specially crafted files.
- CVE-2025-21406, CVE-2025-21407: Vulnerabilities in the Windows Telephony Service allowing remote code execution.

The following vulnerabilities are confirmed as actively exploited:

- CVE-2023-24932: Bypass of Secure Boot protections.
- CVE-2025-21391: Elevated privileges on affected systems.
- CVE-2025-21418: Gain SYSTEM privileges through exploitation.

Other notable fixes include vulnerabilities in Visual Studio and Microsoft Office that could lead to remote code execution. Users can apply updates via Windows Update, the Microsoft Update Catalog, or WSUS. Microsoft emphasizes the urgency of these updates due to the active exploitation of certain vulnerabilities.
Winsage
February 6, 2025
Microsoft has released a PowerShell script to help users and administrators update bootable media, integrating the "Windows UEFI CA 2023" certificate. This update is in response to the BlackLotus UEFI bootkit, which can bypass Secure Boot and disable Windows security features. Microsoft has issued prior updates in March 2023 and plans additional measures for July 2024, addressing a Secure Boot bypass vulnerability (CVE-2023-24932). The fix will be rolled out in phases before full enforcement anticipated by 2026. The update will include the "Windows UEFI CA 2023" certificate in the UEFI Secure Boot Signature Database and revoke the "Windows Production CA 2011" certificate for older boot managers. Administrators are advised to update bootable media to use the new certificate to avoid booting issues. The PowerShell script is compatible with various media formats and requires the Windows ADK for functionality. Microsoft recommends thorough testing before the enforcement phase, which will begin by the end of 2026, with a six-month notice prior to implementation.
Winsage
February 5, 2025
Microsoft has removed guidance on bypassing the Trusted Platform Module (TPM) 2.0 requirement for installing Windows 11 from its help page. This change indicates a potential shift in policy regarding the installation of Windows 11 on PCs without TPM 2.0. The workaround previously involved creating a Windows Registry key but still required TPM 1.2. The removal occurred between December 12 and 14, 2024, according to the Wayback Machine's archives. Additionally, Microsoft tightened another method for bypassing the TPM requirement in August 2024, while third-party applications like Flyby11 are still available but have recently been flagged by Microsoft Defender as potentially unwanted software. These developments suggest that Microsoft is reinforcing its requirement for Windows 11 to be installed on machines with TPM 2.0.
Winsage
February 5, 2025
Microsoft has introduced a PowerShell script, KB5053484, to address the 2023 BlackLotus Secure Boot vulnerability (CVE-2023-24932) in Windows operating systems. This update targets Windows-bootable media and aligns with the new Secure Boot Certificate Authority (CA) released in February 2024, replacing the outdated CA from 2011. The BlackLotus vulnerability allows attackers to bypass Secure Boot in Windows 10 and 11, potentially injecting harmful code at the UEFI level. The update is available immediately to enhance security against this threat.
Winsage
February 5, 2025
In February 2024, Microsoft announced the rollout of new 2023 Secure Boot Certificate Authority (CA) keys to replace the 2011 certificates that were introduced with Windows 8. This initiative began with Patch Tuesday updates, specifically KB5034765 for Windows 11 and KB5034763 for Windows 10, as the 2011 certificates are set to expire in 2026. Microsoft released a PowerShell script, Make2023BootableMedia.ps1, to update Windows bootable media for compatibility with the new Windows UEFI CA 2023 certificate, addressing the BlackLotus Secure Boot vulnerability (CVE-2023-24932). The script can update various types of bootable media, including ISO files, USB drives, and local or network drive paths. Users must have the latest Windows Assessment and Deployment Kit (Windows ADK) for the script to function properly, and it should be executed from an elevated PowerShell prompt with the appropriate media source provided. Comprehensive details are available in the KB5053484 support article on Microsoft's website.
Winsage
December 25, 2024
Microsoft released a new support article detailing the functionality of the Windows 11 feature 'Fix problems using Windows Update' and scenarios where it may not be effective. A shortcut link to the recovery settings menu has been introduced as part of the guidance for installing Windows 11 on unsupported hardware. Microsoft updated another support article regarding the uninstallation of Windows Updates, now including instructions for using the Windows Recovery Environment (WinRE) for this purpose, applicable to both Windows 10 and 11. Users can uninstall updates via WinRE by accessing Troubleshoot > Advanced options > Uninstall Updates. A disclaimer about the end of support for Windows 10 is also present on the page. Additionally, a cautionary note regarding BitLocker recovery key requirements is included. Microsoft has emphasized the importance of system requirements such as TPM and Secure Boot in relation to Windows 11 24H2. Third-party backup and cloning applications are making adjustments to align with these updates.
Winsage
December 20, 2024
Microsoft introduced a hardware compatibility requirement for Windows 11 in 2021, mandating the Trusted Platform Module (TPM) 2.0 standard. A TPM is a secure cryptoprocessor designed to manage security-related tasks and encryption keys, enhancing system security by encrypting data, generating random numbers, and validating digital signatures. The TPM architecture is defined by the ISO/IEC 11889 standard. TPM can be integrated as a chip on a motherboard or within firmware, with major companies like Intel, AMD, and Qualcomm adopting this technology. TPM 2.0 is essential for Windows security features, working with Secure Boot to ensure only trusted code is executed at startup and facilitating biometric authentication through Windows Hello. It also secures BitLocker keys, making unauthorized data access difficult. Most PCs manufactured from 2016 onwards include TPM 2.0 by default, while older systems may have limited TPM capabilities or adhere to the unsupported TPM 1.2 standard. Users can check their TPM status using the System Information tool. TPM functionality is not exclusive to Windows; it is also utilized in Linux PCs and IoT devices, while Apple devices use a different architecture called Secure Enclave. Windows 10 and 11 automatically initialize the TPM during installation, and users can upgrade to Windows 11 with any version of TPM through a registry modification.
Winsage
December 17, 2024
The end-of-support date for Windows 10 is October 14, 2025, after which users will not receive any updates, including security fixes. Microsoft will not extend support, and the final version, 22H2, will receive monthly security updates until that date. Users can choose to continue using Windows 10, buy new hardware, transition to a Linux distribution, pay for Extended Security Updates (ESUs), or attempt to upgrade incompatible hardware to Windows 11. ESUs are available at a cost, with pricing increasing over three years. There are methods to upgrade to Windows 11 on incompatible systems, including registry edits and using tools like Rufus.