Share via

Strange Question About .NET Updates, Any Help (and Willingness to Read) Appreciated

Anonymous
2023-11-15T23:48:10+00:00

so normally, as you know, when you install Windows Updates that require a restart, it boots up and places you in a blue screen with the words "Working on Updates", or "Updating Windows"

I know general Cumulative Updates will do this and go through this screen, but do .NET Updates do it as well? here's why I'm asking;

I downloaded the latest Cumulative Update for Windows 10 22H2 but I didn't want to actually install it yet since I was trying to go into my Asus UEFI Bios. I shut down my computer without updating, turned it back on, and went into the Bios without issue

when I came out of the Bios however, by clicking "Save and Reset", I came back into my room after leaving for a few seconds to see a black screen with a spinning update wheel

this black screen was the one you see when first starting up the computer, where it displays your motherboard/PC brand's logo (for me it's the ROG symbol), however the symbol had disappeared and the only thing on the screen was the update wheel and this text below it:

"Updating Your System"

once it reached 100%, it continued on to the normal Windows Update blue screen which said "Working on Updates" and eventually that finished and I was able to sign in. I checked Event Viewer > System, and it seems that exiting Bios triggered the installation of the Cumulative Update

my concern is with the "Updating Your System" message on the boot/black screen. I thought Windows wasn't loaded during the time that screen was up but I'm probably wrong

anyway, I thought maybe going into the Bios with a pending update will trigger the black screen "Updating Your System" before the normal blue Windows Update screen. but yesterday I did exactly that, and there was no Updating Your System message on the ROG/black screen

I had downloaded the latest .NET Cumulative Update last night but did not want to fully install it yet; I went into Bios and when I came out, I could've sworn there was no "Updating Your System" or even any blue "Working on Updates" screen. it just took me to the sign in screen like normal

but when I checked Event Viewer, it said the .NET update had been installed during that startup after I had exited the Bios

that's why I'm asking this strange question: do the .NET Cumulative Updates put users through the blue "Working on Updates" screen, or does it just silently install the update on restart and allow you to sign-in normally without any waiting?

normal Cumulative Updates DO take you through the Working on Update screen. so I thought maybe that's why the .NET update didn't cause any black 'Updating Your System' message after leaving Bios, while the Cumulative Update did

Windows for home | Windows 10 | Windows update

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

6 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2023-11-24T01:14:20+00:00

    Hi JJJ,

    This is really a special case and it is understandable that you are trying to understand the changes. Typically, Windows Update does not automatically change the Secure Boot key.Secure Boot is a security feature used to protect computers from malware and unauthorized booting of the operating system.Secure Boot uses a digital signature to ensure that only boot loaders and operating systems signed by trusted entities can boot.

    Typically, the Secure Boot key is pre-set by the computer manufacturer during the manufacturing process and stored in the computer's firmware. During normal use, Windows Updates usually do not make changes to the Secure Boot key. Changes to the key usually require manual intervention by the user and are made through the BIOS/UEFI setup.

    If you notice an unexpected change in your Secure Boot key, this may be a rare occurrence and may require a more in-depth investigation. You can check the documentation for recently installed updates or contact the device manufacturer's support team to find out if there is a specific update or firmware version that may be affecting the Secure Boot settings.

    Remaining vigilant and regularly monitoring your system's security settings are important steps in ensuring your system's security. If you have more questions or need further assistance, please feel free to ask!

    Your Sincerely

    Hahn - MSFT | Microsoft Community Support Specialist

    Was this answer helpful?

    0 comments
  2. Anonymous
    2023-11-22T11:10:47+00:00

    I most definitely didn't do anything to trigger a change in the firmware; the Cumulative Update downloaded itself, then the Malicious Software Removal Tool update installed, I shut down the PC, went into Bios, came out of the Bios, forcing the Cumulative Update to fully install, and then I was away from my PC for the next few hours

    I've been monitoring the Key Management section since then, and I haven't observed any change. not to mention the keys were changed on 2 devices, not just 1. and both devices had recently installed the same updates

    Windows has been able to alter Secure Boot keys in the past; I think it may have been a specific update from August 2022 or somewhere around there

    I won't bother asking on Microsoft Learn because I've probably only received an answer once in the times I've been directed there but thank you for the clarification in your other reply

    Was this answer helpful?

    0 comments
  3. Anonymous
    2023-11-22T09:49:33+00:00

    Hi JJJ,

    Altering Secure Boot settings through Windows Updates or associated tools is highly unusual. The Windows Update process typically doesn't modify BIOS settings such as Secure Boot keys.

    Secure Boot keys are fundamental to the system's security, and changes to these keys usually require manual intervention or explicit actions within the BIOS/UEFI settings.

    It's more likely that an action you might have taken inadvertently caused the change in the Secure Boot keys. Sometimes, certain BIOS updates or firmware updates could prompt changes in these settings. However, it's advisable to review the release notes or documentation associated with any BIOS updates to understand if they involve changes to Secure Boot settings.

    Unfortunately, Secure Boot keys issue is not supported on the Microsoft Answers forum. It is more suitable for publishing on Microsoft Learn (English only), you can click on "Ask a question", there are experts who can provide more professional solutions in that place. 

    Here is a link: Windows 10 - Microsoft Q&A to the forum where you can raise specific scenarios and share your idea to help solve the problem. 

    I won't be able to help you, but I'll leave that question open in case one of our amazing volunteers has ideas for you. 

    Your Sincerely

    Hahn - MSFT | Microsoft Community Support Specialist

    Was this answer helpful?

    0 comments
  4. Anonymous
    2023-11-16T08:59:29+00:00

    thanks for the clarification, that would make sense then why I didn't see an Updating Your System message for the NET updates, but did for the Cumulative one

    I do have another question but it's slightly off the topic of the original post. if you don't have much knowledge on this then that's fine, I'll describe it anyway;

    I recently found that in both of my device's Bios (this Asus computer and MSI laptop), the Secure Boot Keys had been changed

    this is what they normally look like:

    PK- 1 (Default)

    KEK- 3 (Default) Asus | 1 (Default) MSI

    DB- 10 (Default) Asus | 3 (Default) MSI

    DBX- 77 (Default)

    when I checked my Bios, this is what I saw;

    PK- 1 (Default)

    KEK- 3 (Default) Asus | 1 (Default) MSI

    DB- 10 (Default) Asus | 3 (Default) MSI

    DBX- 270 (Mixed)

    the amount of DBX keys had been changed and the setting was swapped to Mixed on both devices. I understand that DBX is essentially the blacklist key for Secure Boot that blocks potentially unwanted code/drivers, which I assume are chosen by Microsoft and added to the blacklist?

    anyway, Loading Optimized Defaults didn't reset the values so I ended up Clearing Secure Boot Keys which set the DBX keys back to 77 (Default) on both devices

    can some Windows Updates potentially alter the Secure Boot settings? I had updated both the PC and the laptop for the newest Cumulative Update and the latest monthly version of the Windows Malicious Software Removal Tool

    I then updated the laptop to Windows 11 23H2 but the Secure Boot keys didn't change there. so is it possible that the Malicious Software Removal Tool's monthly update, or the Cumulative Update, changed the DBX key value?

    it wasn't the NET update, since I checked it last night and the keys were the same

    Was this answer helpful?

    0 comments
  5. Anonymous
    2023-11-16T07:45:32+00:00

    Hi JJJ,

    Welcome to Microsoft Community.

    I'm Hahn and I'm here to help you with your concern.

    Thank you for your question. I'm happy to help you with some information about .NET updates and Windows update screens.

    .NET updates are cumulative updates that include bug fixes, security patches, and improvements for the .NET Framework and related technologies. They are usually released monthly and can be installed manually or automatically through Windows Update.

    Windows update screens are the blue screens that appear when you restart your device after installing a Windows update. They show the progress of the update and the reason for any errors or failures. They also allow you to choose whether to restart now or later.

    .NET updates do not cause users to go through the blue "Working on Updates" screen, but rather silently install the update on restart and allow you to sign-in normally without any waiting. This is because .NET updates are integrated into the Unified Update Platform (UUP), which is a new feature that helps secure your device with the latest .NET Framework updates.

    UUP's design aims to streamline the update experience and enhance security by silently installing certain types of updates in the background without displaying progress screens during startup. This approach likely prioritizes a smoother user experience by minimizing interruptions during the update process.

    I hope this information helps you understand how .NET updates work and how to fix any potential issues with them. If you have any further questions, please feel free to ask me. Have a great day!

    Your Sincerely

    Hahn - MSFT | Microsoft Community Support Specialist

    Was this answer helpful?

    0 comments