{"id":46604,"date":"2022-08-16T03:32:05","date_gmt":"2022-08-16T03:32:05","guid":{"rendered":"https:\/\/harchi90.com\/microsoft-secure-boot-fix-sends-pcs-into-bitlocker-recovery-the-register\/"},"modified":"2022-08-16T03:32:05","modified_gmt":"2022-08-16T03:32:05","slug":"microsoft-secure-boot-fix-sends-pcs-into-bitlocker-recovery-the-register","status":"publish","type":"post","link":"https:\/\/harchi90.com\/microsoft-secure-boot-fix-sends-pcs-into-bitlocker-recovery-the-register\/","title":{"rendered":"Microsoft Secure Boot fix sends PCs into BitLocker Recovery \u2022 The Register"},"content":{"rendered":"<div id=\"body\">\n<p>Windows users are reporting BitLocker problems after installing last week&#8217;s security update for Secure Boot.<\/p>\n<p>The issues are related to KB5012170, which is designed to plug some Secure Boot holes.  It&#8217;s important for users running kit with Unified Extensible Firmware Interface (UEFI) firmware.  &#8220;A security feature bypass vulnerability exists in secure boot,&#8221; wrote Microsoft.  &#8220;An attacker who successfully exploited the vulnerability might bypass secure boot and load untrusted software.&#8221;<\/p>\n<p>The patch adds the signatures of the known vulnerable UEFI modules to the Secure Boot Forbidden Signature Database (DBX).<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\">\n        <noscript><\/p>\n<p>                <\/p>\n<p>        <\/noscript>\n    <\/div>\n<p>Alas, it appears to do a bit more than that.  Lurking in the known issues are warnings that some OEM firmware won&#8217;t allow the update to be installed.  The update might also fail to install with certain BitLocker Group Policy configurations or an <code>0x800f0922<\/code> might be thrown up.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\">\n            <noscript><\/p>\n<p>                    <img src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_software\/oses&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YvsPtJnEvAh6Kco@MobbCQAAAIY&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt=\"\"\/><\/p>\n<p>            <\/noscript>\n        <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\">\n                <noscript><\/p>\n<p>                        <img src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_software\/oses&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YvsPtJnEvAh6Kco@MobbCQAAAIY&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt=\"\"\/><\/p>\n<p>                <\/noscript>\n            <\/div>\n<\/p><\/div>\n<p>Then there is the tripping of BitLocker recovery, which is not currently listed as a known issue.<\/p>\n<p>The problem occurs on boot, and bring up the BitLocker Recovery screen into which a user is supposed to enter a key.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\">\n            <noscript><\/p>\n<p>                    <img src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_software\/oses&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YvsPtJnEvAh6Kco@MobbCQAAAIY&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt=\"\"\/><\/p>\n<p>            <\/noscript>\n        <\/div>\n<p>The depressingly familiar groundswell of grumbling has got under way as a few users have found themselves with unbootable computers unless they can provide the magic key.<\/p>\n<div class=\"CaptionedImage Center\"><img loading=\"lazy\" src=\"https:\/\/i0.wp.com\/regmedia.co.uk\/2022\/08\/15\/bitlocker_redacted.jpg?resize=648%2C485&#038;ssl=1\" alt=\"bitlocker recovery screen\" title=\"bitlocker recovery screen\" height=\"485\" width=\"648\" data-recalc-dims=\"1\" \/><\/p>\n<p class=\"text_center\">A screenshot sent to us by a reader<\/p>\n<\/div>\n<p><i>register<\/i> reader Anthony got in touch to tell us that out of the 400 PCs his company managed, 2 percent (all Windows 11) booted to a BitLocker recovery screen after the update.<\/p>\n<p>&#8220;There is seemingly no way around it if the user doesn&#8217;t have the key, which is the case most of the time!&#8221;<\/p>\n<p>BitLocker is a drive encryption feature aimed at keeping data secure.  The recovery process restores access to data and requires the user to supply a lengthy password (or a domain administrator can get the password via Active Directory Domain Services).  Anthony told us he was able to log into Azure and retrieve the recovery keys.<\/p>\n<p>&#8220;This is the sort of thing the average user would certainly not be able to do,&#8221; he said.  &#8220;For some of them it was easy, for others it was a detective game to find out which license was assigned to which computer.&#8221;<\/p>\n<p>As for what the patch did to cause the problem, there are a variety of candidates (if one discounts attack attempts).  One potential cause listed by Microsoft in its BitLocker documentation is &#8220;upgrading critical early startup components, such as a BIOS or UEFI firmware upgrade, causing the related boot measurements to change.&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\">\n            <noscript><\/p>\n<p>                    <img src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_software\/oses&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YvsPtJnEvAh6Kco@MobbCQAAAIY&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt=\"\"\/><\/p>\n<p>            <\/noscript>\n        <\/div>\n<p><i>The Register<\/i> asked Microsoft for an explanation and will update should the company respond.<\/p>\n<p>In the meantime, it would probably be worth at least knowing how to get hold of your recovery key before hitting the update button.  just in case.  \u00ae<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Windows users are reporting BitLocker problems after installing last week&#8217;s security update for Secure Boot. The issues are related to KB5012170, which is designed to plug some Secure Boot holes. It&#8217;s important for users running kit with Unified Extensible Firmware Interface (UEFI) firmware. &#8220;A security feature bypass vulnerability exists in secure boot,&#8221; wrote Microsoft. &#8220;An &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/harchi90.com\/microsoft-secure-boot-fix-sends-pcs-into-bitlocker-recovery-the-register\/\"> <span class=\"screen-reader-text\">Microsoft Secure Boot fix sends PCs into BitLocker Recovery \u2022 The Register<\/span> Read More &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[4],"tags":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":13606,"url":"https:\/\/harchi90.com\/vulnerabilities-allowing-permanent-infections-affect-70-lenovo-laptop-models\/","url_meta":{"origin":46604,"position":0},"title":"Vulnerabilities allowing permanent infections affect 70 Lenovo laptop models","date":"July 13, 2022","format":false,"excerpt":"Lenovo For owners of more than 70 Lenovo laptop models, it's time once again to patch the UEFI firmware against critical vulnerabilities that attackers can exploit to install malware that's nearly impossible to detect or remove. The laptop maker on Tuesday released updates for three vulnerabilities that found researchers in\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":43547,"url":"https:\/\/harchi90.com\/how-to-upgrade-to-windows-11-whether-your-pc-is-supported-or-not-updated\/","url_meta":{"origin":46604,"position":1},"title":"How to upgrade to Windows 11, whether your PC is supported or not [Updated]","date":"August 12, 2022","format":false,"excerpt":"enlarge \/ You name it, we've tried installing Windows 11 on it.Andrew Cunningham We originally published this install guide for Windows 11 shortly after the OS was released in October 2021. To keep it current and as useful as possible, we updated it in August 2022 to cover tweaks that\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"If your drive uses the older MBR partition style, you will need to convert it to GPT before you can enable Secure Boot.","src":"https:\/\/i0.wp.com\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-06-083054.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":29005,"url":"https:\/\/harchi90.com\/asus-gigabyte-motherboards-with-intel-chipsets-vulnerable-to-cosmicstrand-uefi-firmware-rootkit-malware\/","url_meta":{"origin":46604,"position":2},"title":"ASUS &#038; Gigabyte Motherboards With Intel Chipsets Vulnerable To CosmicStrand &#8220;UEFI Firmware Rootkit&#8221; Malware","date":"July 29, 2022","format":false,"excerpt":"A new malware known as CosmicStrand has been discovered by Kaspersky which affects ASUS & Gigabyte motherboards featuring Intel chipsets. CosmicStrand \"UEFI Firmware Rootkit\" Malware Affects ASUS & Gigabyte's Motherboards With Intel Chipsets, Can Completely Crash Victim Machine The report states that CosmicStrand is a type of UEFI Firmware Rootkit,\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"ASUS & Gigabyte Motherboards With Intel Chipsets Vulnerable To CosmicStrand  ","src":"https:\/\/i0.wp.com\/cdn.wccftech.com\/wp-content\/uploads\/2022\/07\/CosmicStrand_UEFI_malware_01.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":26163,"url":"https:\/\/harchi90.com\/discovery-of-new-uefi-rootkit-exposes-an-ugly-truth-the-attacks-are-invisible-to-us\/","url_meta":{"origin":46604,"position":3},"title":"Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us","date":"July 26, 2022","format":false,"excerpt":"Getty Images Researchers have unpacked a major cybersecurity find\u2014a malicious UEFI-based rootkit used in the wild since 2016 to ensure computers remained infected even if an operating system is reinstalled or a hard drive is completely replaced. The firmware compromises the UEFI, the low-level and highly opaque chain of firmware\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":27031,"url":"https:\/\/harchi90.com\/for-years-some-gigabyte-and-asus-motherboards-carried-uefi-malware\/","url_meta":{"origin":46604,"position":4},"title":"For years, some Gigabyte and Asus motherboards carried UEFI malware","date":"July 27, 2022","format":false,"excerpt":"In context: Security firm ESET discovered the first UEFI rootkit that had been used in the wild back in 2018. This type of persistent threat used to be the subject of theoretical discussions among security researchers, but over the past years, it's become clear that it's a lot more common\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"https:\/\/i0.wp.com\/static.techspot.com\/images2\/news\/bigimage\/2022\/07\/2022-07-26-image-14.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":41818,"url":"https:\/\/harchi90.com\/the-hacking-of-starlink-terminals-has-begun\/","url_meta":{"origin":46604,"position":5},"title":"The Hacking of Starlink Terminals Has Begun","date":"August 11, 2022","format":false,"excerpt":"\u201cFrom a high-level view, there are two obvious things that you could try to attack: the signature verification or the hash verification,\u201d Wouters says. The glitch works against the signature verification process. \u201cNormally you want to avoid shorts,\u201d he says. \u201cIn this case we do it on purpose.\u201dInitially, Wouters attempted\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"fifu_image_url":"https:\/\/regmedia.co.uk\/2022\/08\/15\/bitlocker_redacted.jpg","_links":{"self":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/46604"}],"collection":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/comments?post=46604"}],"version-history":[{"count":0,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/46604\/revisions"}],"wp:attachment":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/media?parent=46604"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/categories?post=46604"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/tags?post=46604"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}