Where does Windows 10 pull the Windows UEFI CA 2023 from?
Background
I am following this KB article from microsoft: https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d
I have run the command:
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x40 /f
And verified the 2023 cert is installed after restarting:
[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023'
Question
Where is the certificate coming from when I update this setting? I tried logging my network traffic but can't isolate the request. I'm assuming this queries a Microsoft URL, but which one? And how does that work?