Windows Security Feature Bypass in Secure Boot (BootHole) cannot be fixed for Server 2019 (VMware Guest)

9manloon 1 Reputation point
2021-06-08T09:45:31.207+00:00

I have scanned my Windows Server 2019 VM Guest (VMware) and get the Windows Security Feature Bypass in Secure Boot (BootHole) warning.

I am sure that Secure Boot has been enabled for the VM Guest in the VMware settings. (Besides, the VMware Host is up to date.)

I have run the Windows Update so that the server is up to date.
Also, I have followed Microsoft’s instructions (the link below) to apply the update for Secure Boot DBX and got a positive result from the server.
https://support.microsoft.com/en-us/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-e3b9e4cb-a330-b3ba-a602-15083965d9ca

However, when I ran the Nessus scan again, the same vulnerability warning still came up with the same message. What did I miss?


3 answers

  1. Leon Laude 85,791 Reputation points
    2021-06-08T09:49:01.293+00:00

    Hi @9manloon ,

    I just want to say that I have found Nessus not to always be 100% reliable; the same could also be true of any other scanning tool.
    Even if the system is fully mitigated from vulnerabilities, the scanning software may sometimes still show that there's a vulnerability.

    If you have followed the Microsoft guidance, then I would say it is enough.

    Best regards,
    Leon


  2. Teemo Tang 11,411 Reputation points
    2021-06-09T02:13:30.757+00:00

    I have run the Windows Update so that the server is up to date.
    Also, I have followed Microsoft’s instruction (the link below) to apply update for Secure Boot DBX and gotten the positive result from the Server.
    https://support.microsoft.com/en-us/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-e3b9e4cb-a330-b3ba-a602-15083965d9ca

    You have done a good job. In general, keeping your Server 2019 up to date and Windows Defender working is enough for system security.
    Please refer to this similar case for a hint:
    https://learn.microsoft.com/en-us/answers/questions/246018/is-there-a-fix-for-windows-security-feature-bypass.html


  3. z080236 1 Reputation point
    2022-03-22T05:56:20.193+00:00

    I was told by Nessus that this vulnerability will only go off after applying all the DBX files, not only the Apr 2021 bin.

    Check-Dbx.ps1 '.\dbx-2020-July.bin'

    Check-Dbx.ps1 '.\dbx-2020-October.bin'

    Not sure what Microsoft recommends:

    1. Apply all DBX files? or
    2. Apply the latest DBX file?
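
The per-file check described in the last answer, as an added Python example that is not part of the thread and is not Microsoft's or the scanner vendor's code: it parses the UEFI `EFI_SIGNATURE_LIST` format and reports, for each DBX update file, which SHA-256 revocations are absent from the live dbx. It assumes the live dbx bytes and the update files have already been read into memory and compares SHA-256 entries only; the hashes and file names in the sample are constructed.

```python
import hashlib
import struct
import uuid

# EFI_CERT_SHA256_GUID (UEFI spec): list entries are SHA-256 image hashes.
EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")

def strip_auth_header(blob):
    """Drop the EFI_VARIABLE_AUTHENTICATION_2 wrapper of a signed update file:
    EFI_TIME (16 bytes) followed by a WIN_CERTIFICATE that starts with its length."""
    if len(blob) >= 24 and struct.unpack_from("<HH", blob, 20) == (0x0200, 0x0EF1):
        return blob[16 + struct.unpack_from("<I", blob, 16)[0]:]
    return blob  # already bare EFI_SIGNATURE_LIST data

def sha256_entries(blob):
    """Walk each EFI_SIGNATURE_LIST and collect the SHA-256 hashes it carries."""
    hashes, off = set(), 0
    while off + 28 <= len(blob):
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 or off + list_size > len(blob):
            raise ValueError(f"malformed signature list at offset {off}")
        if sig_type == EFI_CERT_SHA256 and sig_size == 48:
            pos = off + 28 + hdr_size
            while pos + sig_size <= off + list_size:
                hashes.add(blob[pos + 16:pos + 48].hex())  # skip owner GUID
                pos += sig_size
        off += list_size  # other list types (e.g. X.509) are skipped here
    return hashes

def missing_revocations(live_dbx, update_files):
    """Map each update file name to the hashes it revokes that the live dbx lacks."""
    live = sha256_entries(strip_auth_header(live_dbx))
    return {name: sorted(sha256_entries(strip_auth_header(blob)) - live)
            for name, blob in update_files.items()}

def make_list(digests):
    """Build one SHA-256 signature list; used only for the constructed sample."""
    body = b"".join(bytes(16) + d for d in digests)
    return EFI_CERT_SHA256.bytes_le + struct.pack("<III", 28 + len(body), 0, 48) + body

# Constructed sample data: made-up hashes and hypothetical file names.
H = [hashlib.sha256(s).digest() for s in (b"sample-a", b"sample-b", b"sample-c")]
LIVE = make_list(H[:2])
UPDATES = {"dbx-older.bin": make_list(H[:1]), "dbx-newer.bin": make_list(H[1:])}

if __name__ == "__main__":
    for name, gaps in missing_revocations(LIVE, UPDATES).items():
        print(name, "fully applied" if not gaps else f"missing {len(gaps)} hash(es)")
```

An empty list for a file means every SHA-256 hash it revokes is already in the live dbx; a non-empty list names the entries still to be applied.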