6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7 High
AI Score
Confidence
High
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
27.4%
NOTE Improved diagnostics have been added to detect and report issue details through the event log. Please see KB5016061: Addressing vulnerable and revoked Boot Managers for more information.
This security update applies only to the following Windows versions:
* Windows Server 2012
This security update makes improvements to Secure Boot DBX for the supported Windows versions listed in the “Applies to” section. Key changes include the following:
* Windows devices that has Unified Extensible Firmware Interface (UEFI) based firmware can run with Secure Boot enabled. The Secure Boot Forbidden Signature Database (DBX) prevents UEFI modules from loading. This update adds modules to the DBX.
A security feature bypass vulnerability exists in secure boot. An attacker who successfully exploited the vulnerability might bypass secure boot and load untrusted software.
This security update addresses the vulnerability by adding the signatures of the known vulnerable UEFI modules to the DBX.
To learn more about this security vulnerability, see the following advisory:
* [ADV200011 | Microsoft Guidance for Addressing Security Feature Bypass in GRUB](<https://msrc.microsoft.com/update-guide/vulnerability/ADV200011>)
For additional information about this security vulnerability, see the following resources:
* [CVE-2022-34301 | Eurosoft Boot Loader Bypass](<https://vulners.com/cve/CVE-2022-34301>)
Issue | Next step |
---|---|
If BitLocker Group Policy Configure TPM platform validation profile for native UEFI firmware configurations is enabled and PCR7 is selected by policy, it may result in the update failing to install.To view the PCR7 binding status, run the Microsoft System Information (Msinfo32.exe) tool with administrative permissions. | To workaround this issue, do one of the following before you deploy this update: |
Manage-bde –Protectors –Disable C: -RebootCount 1
`Then, deploy the update and restart the device to resume the BitLocker protection.
Manage-bde –Protectors –Disable C: -RebootCount 3
`Then, deploy the update and restart the device to resume the BitLocker protection.
When attempting to install this update, it might fail to install, and you might receive Error 0x800f0922.Note This issue only affects this security update for Secure Boot DBX (KB5012170) and does not affect the latest cumulative security updates, monthly rollups, or security-only updates.| To resolve this issue, install the Servicing Stack Update (SSU) released March 14, 2023, or a later SSU update, for your supported Windows operating system:
Release Channel | Available | Next Step |
---|---|---|
Windows Update or Microsoft Update | Yes | None. This update will be downloaded and installed automatically from Windows Update. |
Windows Update for Business | Yes | None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. |
Microsoft Update Catalog | Yes | To get the standalone package for this update, go to the Microsoft Update Catalog website. |
Windows Server Update Services (WSUS) | Yes | This update will automatically synchronize with WSUS if you configure Products and Classifications as follows:Product: Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows 10, version 1903 and later, Windows 11, Azure Stack HCI, Azure Data BoxClassification: Security Updates PrerequisitesMake sure you have the lastest servicing stack update (SSU) installed. For information about the latest SSU for your operating system, see [ADV990001 |
The English (United States) version of this security update installs files that have the attributes that are listed in the following tables.
__
For all supported x64-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 13-Jul-2022 | 18:12 | 3 |
dbxupdate.bin | Not versioned | 13-Jul-2022 | 18:12 | 13,778 |
TpmTasks.dll | 10.0.17784.2602 | 20-Jul-2022 | 21:53 | 114,688 |
__
For all supported x86-based versions
File name | File version | Date | Time | File version |
---|---|---|---|---|
dbupdate.bin | Not versioned | 13-Jun-2022 | 21:46 | 3 |
dbxupdate.bin | Not versioned | 11-Jul-2022 | 17:50 | 6,002 |
TpmTasks.dll | 10.0.17763.10933 | 20-Jul-2022 | 21:13 | 84,992 |
__
For all supported x64-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 13-Jul-2022 | 18:07 | 3 |
dbxupdate.bin | Not versioned | 13-Jul-2022 | 18:07 | 13,778 |
TpmTasks.dll | 10.0.17763.10933 | 20-Jul-2022 | 21:32 | 110,592 |
__
For all supported x64-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 16-Jun-2022 | 19:56 | 3 |
dbxupdate.bin | Not versioned | 11-Jul-2022 | 18:18 | 13,778 |
TpmTasks.dll | 10.0.19041.1880 | 11-Jul-2022 | 21:05 | 296,960 |
__
For all supported Arm64-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 6-Jun-2022 | 18:24 | 3 |
dbxupdate.bin | Not versioned | 11-Jul-2022 | 18:16 | 4,370 |
TpmTasks.dll | 10.0.19041.1880 | 11-Jul-2022 | 20:43 | 324,096 |
__
For all supported x64-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 23-Apr-2022 | 14:18 | 3 |
dbxupdate.bin | Not versioned | 11-Jul-2022 | 18:06 | 13,778 |
TpmTasks.dll | 10.0.22000.850 | 11-Jul-2022 | 20:34 | 323,584 |
__
For all supported Arm64-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 23-Apr-2022 | 14:18 | 3 |
dbxupdate.bin | Not versioned | 11-Jul-2022 | 18:04 | 4,370 |
TpmTasks.dll | 10.0.22000.850 | 11-Jul-2022 | 20:50 | 313,856 |
__
For all supported x64-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 23-Apr-2022 | 14:18 | 3 |
dbxupdate.bin | Not versioned | 11-Jul-2022 | 18:06 | 13,778 |
TpmTasks.dll | 10.0.22000.850 | 11-Jul-2022 | 20:34 | 323,584 |
__
For all supported Arm64-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 23-Apr-2022 | 14:18 | 3 |
dbxupdate.bin | Not versioned | 11-Jul-2022 | 18:04 | 4,370 |
TpmTasks.dll | 10.0.22000.850 | 11-Jul-2022 | 20:50 | 313,856 |
__
For all supported x86-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 30-Dec-21 | 18:29 | 3 |
dbxupdate.bin | Not versioned | 21-Jul-22 | 0:24 | 6,002 |
TpmTasks.dll | 10.0.14393.5285 | 21-Jul-22 | 0:25 | 59,904 |
__
For all supported x64-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 30-Sep-21 | 13:17 | 3 |
dbxupdate.bin | Not versioned | 21-Jul-22 | 1:38 | 13,778 |
TpmTasks.dll | 10.0.14393.5285 | 21-Jul-22 | 1:42 | 72,192 |
__
For all supported Arm64-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 6-Jun-2022 | 18:24 | 3 |
dbxupdate.bin | Not versioned | 11-Jul-2022 | 18:16 | 4,370 |
TpmTasks.dll | 10.0.19041.1880 | 11-Jul-2022 | 20:43 | 324,096 |
__
For all supported x86-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 11-Jul-2022 | 18:16 | 3 |
dbxupdate.bin | Not versioned | 11-Jul-2022 | 18:16 | 6,002 |
TpmTasks.dll | 10.0.19041.1880 | 11-Jul-2022 | 20:38 | 242,688 |
__
For all supported x64-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 16-Jun-2022 | 19:56 | 3 |
dbxupdate.bin | Not versioned | 11-Jul-2022 | 18:18 | 13,778 |
TpmTasks.dll | 10.0.19041.1880 | 11-Jul-2022 | 21:05 | 296,960 |
__
For all supported Arm64-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 6-Jun-2022 | 18:24 | 3 |
dbxupdate.bin | Not versioned | 11-Jul-2022 | 18:16 | 4,370 |
TpmTasks.dll | 10.0.19041.1880 | 11-Jul-2022 | 20:43 | 324,096 |
__
For all supported x86-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 27-Jun-2022 | 17:57 | 3 |
dbxupdate.bin | Not versioned | 11-Jul-2022 | 17:47 | 6,002 |
TpmTasks.dll | 10.0.17763.3280 | 11-Jul-2022 | 21:36 | 84,992 |
__
For all supported x64-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 24-May-2022 | 12:34 | 3 |
dbxupdate.bin | Not versioned | 11-Jul-2022 | 17:50 | 13,778 |
TpmTasks.dll | 10.0.17763.3280 | 11-Jul-2022 | 21:40 | 110,592 |
__
For all supported Arm64-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 24-May-2022 | 12:33 | 3 |
dbxupdate.bin | Not versioned | 11-Jul-2022 | 17:49 | 4,370 |
TpmTasks.dll | 10.0.17763.3280 | 11-Jul-2022 | 21:30 | 115,712 |
__
For all supported x86-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 30-Dec-2021 | 18:29 | 3 |
dbxupdate.bin | Not versioned | 12-Jul-2022 | 20:44 | 6,002 |
TpmTasks.dll | 10.0.14393.5281 | 12-Jul-2022 | 20:44 | 59,904 |
__
For all supported x64-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 30-Sep-2021 | 13:17 | 3 |
dbxupdate.bin | Not versioned | 14-Jul-2022 | 2:15 | 13,778 |
TpmTasks.dll | 10.0.14393.5281 | 14-Jul-2022 | 2:17 | 72,192 |
__
For all supported x86-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 11-Jul-2022 | 18:41 | 3 |
dbxupdate.bin | Not versioned | 11-Jul-2022 | 18:41 | 6,002 |
TpmTasks.dll | 10.0.10240.19297 | 2-May-2022 | 16:52 | 46,080 |
__
For all supported x64-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 11-Jul-2022 | 18:41 | 3 |
dbxupdate.bin | Not versioned | 11-Jul-2022 | 18:41 | 13,778 |
TpmTasks.dll | 10.0.10240.19297 | 2-May-2022 | 16:56 | 56,320 |
__
For all supported x86-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 28-Oct-2021 | 12:35 | 3 |
dbxupdate.bin | Not versioned | 11-Jul-2022 | 18:51 | 6,002 |
TpmTasks.dll | 6.3.9600.20512 | 11-Jul-2022 | 20:50 | 152,576 |
__
For all supported x64-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 1-Jan-2022 | 0:00 | 3 |
dbxupdate.bin | Not versioned | 12-Jul-2022 | 12:36 | 13,778 |
TpmTasks.dll | 6.3.9600.20512 | 12-Jul-2022 | 14:57 | 181,760 |
__
For all supported Arm-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 14-Oct-2021 | 18:42 | 3 |
dbxupdate.bin | Not versioned | 7-Jun-2022 | 12:03 | 7,085 |
TpmTasks.dll | 6.3.9600.20512 | 11-Jul-2022 | 20:38 | 137,216 |
__
For all supported x86-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 11-Jul-2022 | 18:14 | 3 |
dbxupdate.bin | Not versioned | 11-Jul-2022 | 18:14 | 6,002 |
TpmTasks.dll | 6.2.9200.23709 | 21-Apr-2022 | 12:26 | 81,408 |
__
For all supported x64-based versions
File name | File version | Date | Time | File size |
---|---|---|---|---|
dbupdate.bin | Not versioned | 17-Jun-2022 | 18:01 | 3 |
dbxupdate.bin | Not versioned | 11-Jul-2022 | 18:07 | 13,778 |
TpmTasks.dll | 6.2.9200.23709 | 21-Apr-2022 | 12:45 | 99,328 |
Learn about the standard terminology that is used to describe Microsoft software updates.
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7 High
AI Score
Confidence
High
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
27.4%