Does Microsoft Intend to Release An Updated KB for the March 2023 Security Feature Bypass in GRUB Vulnerability?

BigPixFix 20 Reputation points
2023-05-02T17:37:54.6566667+00:00

Microsoft last released a patch for Security Feature Bypass in GRUB in August 2022 (KB512710). Recently, a new UEFI revocation file (March 2023) was added as per vendor https://uefi.org/revocationlistfile. With the release of the new March 2023 UEFI revocation file, there may be a gap in security for this vulnerability between the August update and the March revocation file. Does Microsoft plan to provide a new update to cover this security flaw?

Windows for business | Windows Client for IT Pros | Devices and deployment | Configure application groups
Windows for business | Windows Server | User experience | Other
Windows for business | Windows Server | Devices and deployment | Configure application groups
Windows for business | Windows Client for IT Pros | User experience | Other

1 answer

  1. Limitless Technology 44,766 Reputation points
    2023-05-03T14:05:00.1533333+00:00

    Hello,

    Initially the KB5012170 replaces GRUB with GRUB 2.06 which is a version that doesn't contain the vulnerabilities.

    The March update contains different vulnerability patches for GRUB versions prior to 2.06, released at the moment they were detected but combined in the March 2023 update for spread distribution.

    You can have more information about the updates on the releases at:

    https://msrc.microsoft.com/update-guide/vulnerability/ADV200011

    --If the reply is helpful, please Upvote and Accept as answer--

