
IMPORTANT This article is superseded by KB5012170: Security update for Secure Boot DBX.

This security update applies only to the following Windows versions:

This security update makes improvements to Secure Boot DBX for the supported Windows versions listed in the "Applies to" section.

Windows devices that have Unified Extensible Firmware Interface (UEFI) based firmware can run with Secure Boot enabled. The Secure Boot Forbidden Signature Database (DBX) prevents UEFI modules from loading. This update adds modules to the DBX.

A security feature bypass vulnerability exists in Secure Boot. An attacker who successfully exploited the vulnerability might bypass Secure Boot and load untrusted software. This security update addresses the vulnerability by adding the signatures of the known vulnerable UEFI modules to the DBX.

To learn more about this security vulnerability, see CVE-2020-0689 | Microsoft Secure Boot Security Feature Bypass Vulnerability.

Some original equipment manufacturer (OEM) firmware might not allow for the installation of this update. To resolve this issue, contact your firmware OEM.

If the BitLocker Group Policy "Configure TPM platform validation profile for native UEFI firmware configurations" is enabled and PCR7 is selected by policy, the BitLocker recovery key may be required on some devices where PCR7 binding is not possible. To view the PCR7 binding status, run the Microsoft System Information (Msinfo32.exe) tool with administrative permissions.

To work around this issue, do one of the following, based on the Credential Guard configuration, before you deploy this update:

On a device that does not have Credential Guard enabled, run the following command from an Administrator command prompt to suspend BitLocker for 1 reboot cycle:

Manage-bde -Protectors -Disable C: -RebootCount 1

Then, restart the device to resume the BitLocker protection.

Note Do not enable BitLocker protection without also restarting the device, as doing so would result in BitLocker recovery.

On a device that has Credential Guard enabled, there may be multiple restarts during the update that require BitLocker to be suspended. Run the following command from an Administrator command prompt to suspend BitLocker for 3 restart cycles:

Manage-bde -Protectors -Disable C: -RebootCount 3
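The two suspend commands above differ only in the reboot count, which the article keys to whether Credential Guard is enabled. The following PowerShell, an added example that is not part of the KB article, picks that count automatically and runs the same manage-bde command; the Credential Guard check through the Win32_DeviceGuard class and the recovery-password protector check are assumptions beyond what the article states.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the KB article): choose the BitLocker suspension
# reboot count from the Credential Guard state, then suspend with manage-bde.

function Get-CredentialGuardRunning {
    # Assumption: Win32_DeviceGuard.SecurityServicesRunning contains 1 when
    # Credential Guard is running (2 would be HVCI).
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    return [bool]($dg -and ($dg.SecurityServicesRunning -contains 1))
}

function Get-DbxSuspendRebootCount {
    # Article guidance: 3 restart cycles with Credential Guard, otherwise 1.
    if (Get-CredentialGuardRunning) { return 3 } else { return 1 }
}

function Suspend-BitLockerForDbxUpdate {
    param([string]$MountPoint = 'C:')

    # Confirm-SecureBootUEFI throws on non-UEFI systems; treat that as "off".
    try { $secureBoot = Confirm-SecureBootUEFI } catch { $secureBoot = $false }
    if (-not $secureBoot) {
        Write-Warning 'Secure Boot is not enabled; the article describes UEFI Secure Boot devices.'
    }

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.ProtectionStatus -ne 'On') {
        Write-Output "BitLocker protection on $MountPoint is $($vol.ProtectionStatus); nothing to suspend."
        return
    }
    # Assumption (not in the article): make sure a recovery password exists before
    # touching protectors, so a PCR7 mismatch does not lock anyone out.
    if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
        Write-Warning "$MountPoint has no RecoveryPassword protector; back one up before proceeding."
    }

    $count = Get-DbxSuspendRebootCount
    Write-Output "Credential Guard running: $(Get-CredentialGuardRunning). Suspending BitLocker for $count restart(s)."
    # Same command the article gives, with the count chosen above.
    & manage-bde.exe -protectors -disable $MountPoint -RebootCount $count
    if ($LASTEXITCODE -ne 0) { throw "manage-bde failed with exit code $LASTEXITCODE" }
    Write-Output 'Install the DBX update and restart; protection resumes after the counted restarts.'
}

Suspend-BitLockerForDbxUpdate -MountPoint 'C:'
```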
