UEFI

Winsage
February 22, 2025
To access the advanced startup options in Windows, navigate to Settings > System > Recovery > Restart now; the menu may also appear after repeated boot failures. System Restore allows users to revert their PC to a previous state to undo recent changes, accessible from the advanced startup options by selecting Troubleshoot > Advanced options > System restore. Windows enables users to create a system image, an exact replica of their hard drive, which can be restored from the advanced startup options by selecting Troubleshoot > Advanced options > See more recovery options > System Image Recovery. Users can roll back recent system updates through the advanced startup options by selecting Troubleshoot > Advanced options > Uninstall updates. Safe Mode, accessible via the advanced startup options by selecting Troubleshoot > Advanced options > Startup settings, helps troubleshoot driver issues by loading Windows with only essential drivers. Users can access BIOS settings through the advanced startup options by navigating to Troubleshoot > Advanced options > UEFI Firmware settings. The advanced startup options allow for testing unsigned drivers by selecting Troubleshoot > Advanced options > Startup settings and pressing 7 after restarting, though this is rarely needed.
Winsage
February 17, 2025
Microsoft has released significant updates for Windows 11 and Windows 10, focusing on system security and user-friendly features. The February 2025 update includes security patches and functional improvements for both operating systems. For Windows 11 users on versions 23H2 and 24H2, notable features include automatic tab restoration in File Explorer, quick access to Windows Studio Effects from the taskbar for devices with Neural Processing Units (NPU), refined taskbar app preview animations, and improvements to Auto HDR for better visual clarity in games. Additionally, issues with slow shutdowns when game controllers are connected and USB camera recognition have been addressed. For Windows 10 users on builds 19044.5487 and 19045.5487, the update integrates the new Outlook app into the system menu while preserving existing email settings and fixes a virtual memory leak issue that caused crashes in resource-intensive applications. Both updates address 55 security vulnerabilities, including:
- CVE-2025-21391: risk of unauthorized file deletion in Windows storage
- CVE-2025-21377: NTLM hash leakage potentially compromising user accounts
- CVE-2025-21194: flaw in the hypervisor that could bypass UEFI security
Users are advised to install these updates promptly due to the increased risk of exploitation. Some features will be rolled out gradually over the coming weeks.
Winsage
February 13, 2025
Microsoft has released a patch addressing 63 vulnerabilities, following a previous update that fixed 159 flaws. The vulnerabilities are categorized by severity: critical, important, moderate, and low. Three critical vulnerabilities requiring user action are:
- CVE-2025-21376: Affects Windows LDAP, allowing remote control of systems using Active Directory.
- CVE-2025-21379: Pertains to potential Man-in-the-Middle attacks, enabling attackers to manipulate communications and steal data.
- CVE-2025-21381: Can be exploited by tricking users into downloading malicious files, allowing arbitrary code execution.
Two zero-day vulnerabilities already under exploitation are:
- CVE-2025-21391: Allows attackers to bypass access controls and delete files.
- CVE-2025-21418: Enables attackers to gain system privileges for configuration and user management.
Other notable vulnerabilities include:
- CVE-2025-21194: A hypervisor vulnerability that could compromise the kernel.
- CVE-2025-21377: Could expose NTLM hashes, allowing impersonation of users.
- CVE-2025-21198: Affects Microsoft's HPC systems, allowing complete control through a malicious web request, with a high CVSS score of 9.0.
Users are advised to update Windows to safeguard their systems.
Winsage
February 12, 2025
Microsoft's February 2025 Patch Tuesday security update addresses 55 security vulnerabilities across the Windows platform, including:
- 22 remote code execution vulnerabilities
- 19 elevation of privilege vulnerabilities
- 9 denial of service vulnerabilities
- 3 spoofing vulnerabilities
- 2 security feature bypass vulnerabilities
- 1 information disclosure vulnerability
Among these, four vulnerabilities are classified as critical zero-day vulnerabilities, with two requiring immediate attention.
1. CVE-2025-21194: A security feature bypass vulnerability related to Microsoft Surface devices, potentially allowing unauthorized access to Windows virtual machines.
2. CVE-2025-21377: An NTLM hash disclosure spoofing vulnerability that could allow attackers to retrieve plain-text passwords by interacting with a malicious file.
The other two zero-day vulnerabilities confirmed to be actively exploited are:
1. CVE-2025-21391: A Windows storage elevation of privilege vulnerability that enables deletion of targeted files on a user's computer.
2. CVE-2025-21418: A vulnerability that allows attackers to gain elevated system privileges within Windows.
Users are advised to install the patch promptly to protect their systems.
Winsage
February 12, 2025
Windows 10 will reach its end of life on October 14, 2025, after which Microsoft will stop providing free updates and security patches. Users can transition to Windows 11 by purchasing a new laptop with it pre-installed, opting for Extended Security Updates (ESUs) for older machines, or upgrading existing devices. Windows 11 has specific system requirements, including a Trusted Platform Module (TPM) version 2.0. Microsoft warns that installing Windows 11 on incompatible hardware will result in a watermark and operational issues. A PC Health Check tool is available to assess device compatibility with Windows 11. The minimum requirements for running Windows 11 include a 1 GHz processor with 2 or more cores, 4 GB RAM, 64 GB storage, UEFI firmware with Secure Boot, TPM 2.0, a DirectX 12 compatible graphics card, and a high-definition display.
Winsage
February 6, 2025
Microsoft has released a PowerShell script to help users and administrators update bootable media, integrating the "Windows UEFI CA 2023" certificate. This update is in response to the BlackLotus UEFI bootkit, which can bypass Secure Boot and disable Windows security features. Microsoft has issued prior updates in March 2023 and plans additional measures for July 2024, addressing a Secure Boot bypass vulnerability (CVE-2023-24932). The fix will be rolled out in phases before full enforcement anticipated by 2026. The update will include the "Windows UEFI CA 2023" certificate in the UEFI Secure Boot Signature Database and revoke the "Windows Production CA 2011" certificate for older boot managers. Administrators are advised to update bootable media to use the new certificate to avoid booting issues. The PowerShell script is compatible with various media formats and requires the Windows ADK for functionality. Microsoft recommends thorough testing before the enforcement phase, which will begin by the end of 2026, with a six-month notice prior to implementation.
Winsage
February 5, 2025
Microsoft has introduced a PowerShell script, KB5053484, to address the 2023 BlackLotus Secure Boot vulnerability (CVE-2023-24932) in Windows operating systems. This update targets Windows-bootable media and aligns with the new Secure Boot Certificate Authority (CA) released in February 2024, replacing the outdated CA from 2011. The BlackLotus vulnerability allows attackers to bypass Secure Boot in Windows 10 and 11, potentially injecting harmful code at the UEFI level. The update is available immediately to enhance security against this threat.
Winsage
February 5, 2025
In February 2024, Microsoft announced the rollout of new 2023 Secure Boot Certificate Authority (CA) keys to replace the 2011 certificates that were introduced with Windows 8. This initiative began with Patch Tuesday updates, specifically KB5034765 for Windows 11 and KB5034763 for Windows 10, as the 2011 certificates are set to expire in 2026. Microsoft released a PowerShell script, Make2023BootableMedia.ps1, to update Windows bootable media for compatibility with the new Windows UEFI CA 2023 certificate, addressing the Black Lotus Secure Boot vulnerability (CVE-2023-24932). The script can update various types of bootable media, including ISO files, USB drives, and local or network drive paths. Users must have the latest Windows Assessment and Deployment Kit (Windows ADK) for the script to function properly, and it should be executed from an elevated PowerShell prompt with the appropriate media source provided. Comprehensive details are available in the KB5053484 support article on Microsoft's website.
Winsage
December 26, 2024
If your Windows system is waking up at night due to an ACPI Wake Alarm, you can try several solutions to resolve the issue:
1. Adjust Hibernate Settings: Change the Hibernate after Sleep feature in Power Options to a higher value or disable it by setting it to 0 (Never).
2. BIOS/UEFI Configuration: Access the BIOS/UEFI setup and disable the Wake on RTC Alarm if enabled.
3. PowerShell and Command Line for Wake Timers: Use the command line to review power settings and to disable specific devices from waking the computer.
4. Disable Wake Timers: In Power Settings, set Allow wake timers to disable for both On Battery and Plugged In states.
5. Check Security and Maintenance Settings: Uncheck the option for Allow scheduled maintenance to wake up my computer in the Security and Maintenance settings.
6. Task Scheduler Settings: Review scheduled tasks and uncheck the “Wake the computer to run this task” option in the Conditions tab.
7. Event Viewer Analysis: Check the Event Viewer under Windows Logs > System to identify the Wake Source, which may indicate the ACPI Wake Alarm.
The issue often arises from ACPI wake alarms that can override wake timer settings, necessitating a thorough examination of all related configurations to fully disable them.
Winsage
December 20, 2024
Microsoft introduced a hardware compatibility requirement for Windows 11 in 2021, mandating the Trusted Platform Module (TPM) 2.0 standard. A TPM is a secure cryptoprocessor designed to manage security-related tasks and encryption keys, enhancing system security by encrypting data, generating random numbers, and validating digital signatures. The TPM architecture is defined by the ISO/IEC 11889 standard. TPM can be integrated as a chip on a motherboard or within firmware, with major companies like Intel, AMD, and Qualcomm adopting this technology. TPM 2.0 is essential for Windows security features, working with Secure Boot to ensure only trusted code is executed at startup and facilitating biometric authentication through Windows Hello. It also secures BitLocker keys, making unauthorized data access difficult. Most PCs manufactured from 2016 onwards include TPM 2.0 by default, while older systems may have limited TPM capabilities or adhere to the unsupported TPM 1.2 standard. Users can check their TPM status using the System Information tool. TPM functionality is not exclusive to Windows; it is also utilized in Linux PCs and IoT devices, while Apple devices use a different architecture called Secure Enclave. Windows 10 and 11 automatically initialize the TPM during installation, and users can upgrade to Windows 11 with any version of TPM through a registry modification.