Windows 10: Windows Boothole vulnerability - how to verify if it is fixed

Discus and support Windows Boothole vulnerability - how to verify if it is fixed in Windows 10 Support to solve the problem; Boothole vulnerability BootHole vulnerability in Secure Boot affecting Linux and Windows Windows has recently released a patch for the boothole... Discussion in 'Windows 10 Support' started by z080236, Feb 19, 2021.

  1. z080236 Win User

    Windows Boothole vulnerability - how to verify if it is fixed


    Boothole vulnerability

    BootHole vulnerability in Secure Boot affecting Linux and Windows


    Windows has recently released a patch for the boothole vulnerability

    https://support.microsoft.com/en-us/...7-d0c32ead81e2


    Based on the https://msrc.microsoft.com/update-gu.../CVE-2020-0689

    For Windows server 2016
    I installed the update based on this:
    1. Servicing Stack Update KB4576750
    2. Standalone Secure Boot Update Listed in this CVE KB4535680
    3. Jan 2021 Security Update KB4598243


    Based on https://msrc.microsoft.com/update-gu...lity/ADV200011
    I just run this command to verify?

    [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Microsoft Corporation UEFI CA 2011'

    :)
     
    z080236, Feb 19, 2021
    #1
  2. Brink Win User

    BootHole vulnerability in Secure Boot affecting Linux and Windows

    Read more: https://eclypsium.com/2020/07/29/the...e-in-the-boot/
     
    Brink, Feb 19, 2021
    #2
  3. Yukikaze Win User
    WPA2 Vulnerability Found

    A small update with regards to the Microsoft fix. The fix itself is sufficient to solve the issue on Windows, even if your WiFi device has no driver update, with one caveat:

    Does this security update fully address these vulnerabilities on Microsoft Platforms, or do I need to perform any additional steps to be fully protected?
    The provided security updates address the reported vulnerabilities; however, when affected Windows based systems enter a connected standby mode in low power situations, the vulnerable functionality may be offloaded to installed Wi-Fi hardware. To fully address potential vulnerabilities, you are also encouraged to contact your Wi-Fi hardware vendor to obtain updated device drivers. For a listing of affected vendors with links to their documentation, review the ICASI Multi-Vendor Vulnerability Disclosure statement here: http://www.icasi.org/wi-fi-protected-access-wpa-vulnerabilities

    Source: Security Update Guide - Microsoft Security Response Center
     
    Yukikaze, Feb 19, 2021
    #3
  4. Windows Boothole vulnerability - how to verify if it is fixed

    vulnerability fix

    What "below vulnerability" would that be?

    Hint: review your posting after being submitted to verify that all of the information that you wish to relate when asking a question is present and relevant to your query at hand.

    We'll be waiting for your next reply.

    -Richard
     
    RichardEiler, Feb 19, 2021
    #4
Thema:

Windows Boothole vulnerability - how to verify if it is fixed

Loading...
  1. Windows Boothole vulnerability - how to verify if it is fixed - Similar Threads - Boothole vulnerability verify

  2. Twitter for Android security vulnerability discovered and fixed

    in Windows 10 News
    Twitter for Android security vulnerability discovered and fixed: We recently discovered and fixed a vulnerability in Twitter for Android related to an underlying Android OS security issue affecting OS versions 8 and 9. Our understanding is 96% of people using Twitter for Android already have an Android security patch installed that...
  3. BootHole vulnerability in Secure Boot affecting Linux and Windows

    in Windows 10 News
    BootHole vulnerability in Secure Boot affecting Linux and Windows: [ATTACH] “BootHole” vulnerability in the GRUB2 bootloader opens up Windows and Linux devices using Secure Boot to attack. All operating systems using GRUB2 with Secure Boot must release new installers and bootloaders. Join Eclypsium for a webinar...
  4. Driver verifier fix please

    in Windows 10 Ask Insider
    Driver verifier fix please: I tried using driver verifier to fix a thing in my pc vut it made it crash and now it just keeps rebooting. I've seen videos saying that you can just delete existing setting and it fixes it but when i access the cmd it doesn't let me delete it, it says "settings haven't been...
  5. About emulating SCSI and Vulnerabilities mitigation fixes

    in Windows 10 Performance & Maintenance
    About emulating SCSI and Vulnerabilities mitigation fixes: I've been trying to emulate SCSI on Win10 1903 and it seems that Windows now blocks that type of thing. After a lot of researching I found a workaround to make this possible: Code: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]...
  6. How to verify account

    in User Accounts and Family Safety
    How to verify account: When you change your account credentials for your MS account, specifically changing the email address.....why is there a 30 day wait period if you only have an email account to use to verify. If you have a mobile phone, you're instantly given a text with the code. Some of us...
  7. Microsoft fixes 67 vulnerabilities in all Windows versions

    in Windows 10 News
    Microsoft fixes 67 vulnerabilities in all Windows versions: Microsoft yesterday released its regular set of Patch Tuesday Cumulative Updates for all Windows versions. The company released Cumulative Update which contained bug fixes and performance improvements. The Cumulative Updates released have brought fixes for 67 vulnerabilities...
  8. Unpatched Windows Vulnerability Gets a 3rd Party Fix

    in Windows 10 News
    Unpatched Windows Vulnerability Gets a 3rd Party Fix: A third-party security group called 0patch and created by experts at ACROS Security released a third-party patch for the Windows gdi32.dll memory disclosure bug in an attempt to address the vulnerability until Microsoft ships a patch. This is projected to happen on March 14...
  9. LastPass is scrambling to fix another serious vulnerability

    in Windows 10 News
    LastPass is scrambling to fix another serious vulnerability: The flaw could allow for remote code execution or password theft. For the second time in two weeks developers of the popular LastPass password manager are working to fix a serious vulnerability that could allow malicious websites to steal user passwords or infect computers...
  10. Notepad++ 7.3.3 update fixes CIA vulnerability

    in Windows 10 News
    Notepad++ 7.3.3 update fixes CIA vulnerability: The developers of the popular third-party text editor Notepad++ released version 7.3.3 which fixes a vulnerability found in the leaked Vault 7 files. Wikileaks started to release so-called Vault 7 files the other day; a cache of confidential documents on the U.S. Central...