HKLM\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates after PC restart.

Andy Wong 1 Reputation point
2023-07-17T20:09:06.3633333+00:00

I followed this KB: KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 - Microsoft Support

After installing the Windows updates released on or after July 11, 2023, open a Command Prompt window running as an Administrator, type the following command and then press Enter:

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x30 /f

I modified the REG_DWORD to have a value of 0x30 and applied the change by manually resetting it. However, the value keeps reverting back to the default value of 0. I also attempted to modify it through GPO, but it's not working either. Could someone assist me in figuring out what I might be overlooking in this situation?

Windows for business | Windows Client for IT Pros | Devices and deployment | Configure application groups
Windows for business | Windows Client for IT Pros | User experience | Other

2 answers

  1. JeffreyTigchelaar-1585 5 Reputation points
    2023-07-20T09:57:10.4233333+00:00

    The reg key will revert back to 0 when the update has been applied. You can find out if the update has been applied in the Event Log (see the KB article you linked).

    1 person found this answer helpful.
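The check described in the answer above, as an added example that is not part of the original thread or of the KB article: it reads `AvailableUpdates` and lists recent Secure Boot servicing events so a value of 0 can be told apart from "never applied". The function name, the `System` log and the provider name `Microsoft-Windows-TPM-WMI` are assumptions; compare the returned event IDs against the ones listed in KB5025885.

```powershell
# Added example; run from an elevated PowerShell prompt.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Secureboot'
$ValueName = 'AvailableUpdates'
# Assumption: Secure Boot servicing events are written to the System log
# by this provider. Adjust if the KB names a different source.
$Provider  = 'Microsoft-Windows-TPM-WMI'

function Get-SecureBootUpdateState {   # hypothetical helper name
    param([int]$LookbackDays = 7)

    # Current value; $null if the value does not exist at all.
    $value = (Get-ItemProperty -Path $KeyPath -Name $ValueName `
                  -ErrorAction SilentlyContinue).$ValueName

    # Recent events from the provider; an empty array if none are found.
    $events = @()
    try {
        $events = @(Get-WinEvent -FilterHashtable @{
            LogName      = 'System'
            ProviderName = $Provider
            StartTime    = (Get-Date).AddDays(-$LookbackDays)
        } -ErrorAction Stop)
    } catch {
        # No matching events, or the provider is not registered on this build.
    }

    # Non-zero: the request has been written but not yet processed.
    # Zero with events: the value was consumed, check the event IDs.
    # Zero without events: nothing suggests the update ran in the window.
    $state = if ($null -eq $value) { 'ValueMissing' }
        elseif ($value -ne 0)      { 'Pending' }
        elseif ($events.Count)     { 'ClearedWithEvents' }
        else                       { 'ClearedNoEvents' }

    [pscustomobject]@{
        AvailableUpdates = if ($null -eq $value) { $null } else { '0x{0:X}' -f $value }
        State            = $state
        RecentEvents     = $events | Select-Object TimeCreated, Id, Message
    }
}

Get-SecureBootUpdateState | Format-List
```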

  2. Wesley Li-MSFT 4,571 Reputation points Microsoft External Staff
    2023-07-18T06:29:27.2433333+00:00

    Hello

    It seems like you're facing an issue with modifying the registry value to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932. If the registry value keeps reverting back to the default value of 0, there could be a few reasons for this behavior. Let's troubleshoot the situation:

    Registry Permissions: Ensure that you have sufficient permissions to modify the registry. To make changes to the registry, you need to be logged in as an administrator. Right-click on the Command Prompt and select "Run as administrator" to open an elevated Command Prompt.

    Group Policy Conflicts: If you tried to modify the registry through Group Policy but it didn't work, there might be conflicts with other Group Policy settings. Double-check that no other policies are overriding the setting you are trying to modify. Run gpresult /H gpresult.html in an elevated Command Prompt to generate a report showing applied Group Policies and settings. Review the report to see if any other policies are affecting the Secure Boot settings.

    Registry Value Corruption: There might be some registry corruption preventing the value from being set correctly. To fix this, you can try the following steps:

    • Open an elevated Command Prompt.
    • Run sfc /scannow to scan for and repair system file corruption.
    • After the scan is complete, try setting the registry value again.

    Antivirus or Security Software: Sometimes, third-party antivirus or security software can interfere with registry changes related to security settings. Temporarily disable any such software and attempt to modify the registry value again.

    Windows Update or Patch Issue: There might be an issue with the Windows update itself that is causing the registry value to revert. Ensure that you have installed the correct update and that there are no pending updates.

    Wait for a Patch or Hotfix: If the issue persists despite trying the above steps, it's possible that there might be a bug or issue with the update itself. In that case, check the Microsoft support website or community forums for any known issues or hotfixes related to this specific update.

    Remember to create a backup of your registry before making any changes to it. Incorrect modifications to the registry can cause system instability or other problems.

    If the response is helpful, please click "Accept Answer" and upvote it.
