Microsoft released security update KB4535680.
This security update makes improvements to Secure Boot DBX for the supported Windows versions listed below.
- Windows Server 2012 x64-bit
- Windows Server 2012 R2 x64-bit
- Windows 8.1 x64-bit
- Windows Server 2016 x64-bit
- Windows Server 2019 x64-bit
- Windows 10, version 1607 x64-bit
- Windows 10, version 1803 x64-bit
- Windows 10, version 1809 x64-bit
- Windows 10, version 1909 x64-bit

Windows devices with Unified Extensible Firmware Interface (UEFI)-based firmware can run with Secure Boot enabled. The Secure Boot Forbidden Signature Database (DBX) prevents the UEFI modules listed in it from loading. This update adds modules to the DBX.

A security feature bypass vulnerability exists in Secure Boot. An attacker who successfully exploited this vulnerability could bypass Secure Boot and load untrusted software.

This security update addresses the vulnerability by adding the signatures of the known vulnerable UEFI modules to the DBX. For more information about this vulnerability, see CVE-2020-0689 | Microsoft Secure Boot Security Feature Bypass Vulnerability.
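
One way to check a machine after deployment, as an added example that is not part of the original advisory or Microsoft's own tooling: it reports whether Secure Boot is enabled, whether KB4535680 appears in the hotfix list, and how many SHA-256 entries the firmware's DBX holds. The helper name `Get-DbxSha256Hash` is hypothetical; the structure layout and the SHA-256 type GUID are taken from the UEFI specification's EFI_SIGNATURE_LIST definition, and the script assumes an elevated PowerShell session on a UEFI system.

```powershell
# Added example: report Secure Boot state, KB4535680 presence and DBX SHA-256 entry count.
# EFI_CERT_SHA256_GUID as defined in the UEFI specification.
$Sha256Guid = [guid]'c1c41626-504c-4092-aca9-41f936934328'

function Get-DbxSha256Hash {
    # Hypothetical helper: walks the EFI_SIGNATURE_LIST structures in a raw DBX blob
    # and emits each SHA-256 hash as a hex string. Other list types (for example
    # X.509 certificates) are skipped.
    param([Parameter(Mandatory = $true)][byte[]]$Bytes)

    $offset = 0
    while ($offset + 28 -le $Bytes.Length) {
        # Header: SignatureType GUID (16), SignatureListSize (4),
        # SignatureHeaderSize (4), SignatureSize (4), all little-endian.
        [byte[]]$typeBytes = $Bytes[$offset..($offset + 15)]
        $type     = New-Object Guid -ArgumentList (, $typeBytes)
        $listSize = [int][BitConverter]::ToUInt32($Bytes, $offset + 16)
        $hdrSize  = [int][BitConverter]::ToUInt32($Bytes, $offset + 20)
        $sigSize  = [int][BitConverter]::ToUInt32($Bytes, $offset + 24)

        if ($listSize -lt 28 -or $offset + $listSize -gt $Bytes.Length) {
            throw "Malformed signature list at offset $offset"
        }

        # A SHA-256 entry is a 16-byte SignatureOwner GUID followed by a 32-byte hash.
        if ($type -eq $Sha256Guid -and $sigSize -eq 48) {
            $end = $offset + $listSize
            for ($p = $offset + 28 + $hdrSize; $p + $sigSize -le $end; $p += $sigSize) {
                [BitConverter]::ToString($Bytes, $p + 16, 32) -replace '-', ''
            }
        }
        $offset += $listSize
    }
}

# Live checks on the local machine.
$hotfix     = Get-HotFix -Id KB4535680 -ErrorAction SilentlyContinue
$secureBoot = Confirm-SecureBootUEFI                 # $true when Secure Boot is enabled
$dbxBytes   = (Get-SecureBootUEFI -Name dbx).Bytes   # raw DBX variable contents
$hashes     = @(Get-DbxSha256Hash -Bytes $dbxBytes)

[pscustomobject]@{
    SecureBootEnabled  = $secureBoot
    KB4535680Installed = [bool]$hotfix
    DbxSha256Entries   = $hashes.Count
}
```

Comparing `DbxSha256Entries` before and after installing the update shows whether the firmware variable was actually written, which the hotfix list alone does not confirm.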