KB5012170 is a UEFI bootloader security update released by Microsoft for supported versions of Windows
8.1-11 and Windows Server. At present, the update has been found to have various problems, including but not limited to the blue screen of death, the BitLocker problem, disk configuration errors, etc.
On Microsoft’s official forums, Twitter, and Reddit, a considerable number of users have complained about the problems caused by the update, which seriously affects the normal use of enterprises. The update will also affect ordinary consumers, resulting in blue screens of death and longer system startup times. Microsoft writes
: “If BitLocker Group Policy Configure TPM platform validation profile for native UEFI firmware configurations is enabled and PCR7 is selected by policy, it may result in the update failing to install. When attempting to install this update, it might fail to install, and you might receive Error 0x800f0922.”
Researchers have discovered a security flaw in the UEFI firmware used by Microsoft that could allow attackers to bypass the secure boot process and execute unsigned code. Attackers can use methods including, but not limited to, using a signed UEFI Shell to read and write memory, listing handles, and mapping memory to evade secure boot.
For the above vulnerabilities, attackers can even use startup scripts to easily automate and achieve persistence. It is difficult for users to find problems and reinstalling the system is useless. In order to solve this problem, Microsoft released an independent update (KB5012170) to launch the secure boot prohibition signature database. If there is no correct boot system, the system will not be able to start normally.
At present, it is recommended that users suspend the installation of this update or go to the official website of the OEM manufacturer to find a new version of the firmware. It will be less problematic to upgrade the firmware first and then install the update.