Does Microsoft Intend to Release An Updated KB for the March 2023 Security Feature Bypass in GRUB Vulnerability?

BigPixFix 20 Reputation points
2023-05-02T17:37:54.6566667+00:00

Microsoft last released a patch for Security Feature Bypass in GRUB in August 2022 ( KB512710). Recently, a new UEFI revocation file (March 2023) was added as per vendor https://uefi.org/revocationlistfile. With the release of the new March 2023 UEFI revocation file, there may be a gap in security for this vulnerability between the August update and the March revocation file. Does Microsoft plan to provide a new update to cover this security flaw?

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
11,835 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,366 questions
Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,954 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,865 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 44,421 Reputation points
    2023-05-03T14:05:00.1533333+00:00

    Hello,

    Initially the KB5012170 replaces GRUB with GRUB 2.06 which is a version that doesn't contain the vulnerabilities.

    The March update contains different vulnerability patches for GRUB versions prior to 2.06, released at the moment that were detected but combined in March 2023 updated for spread distribution.

    You can have more information about the updates on the releases releases at:

    https://msrc.microsoft.com/update-guide/vulnerability/ADV200011

    --If the reply is helpful, please Upvote and Accept as answer--


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.