Microsoft released security update KB4535680.

This security update makes improvements to Secure Boot DBX for the supported Windows versions listed below.

Applies to:

  • Windows Server 2012 x64-bit
  • Windows Server 2012 R2 x64-bit
  • Windows 8.1 x64-bit
  • Windows Server 2016 x64-bit
  • Windows Server 2019 x64-bit
  • Windows 10, version 1607 x64-bit
  • Windows 10, version 1803 x64-bit
  • Windows 10, version 1809 x64-bit
  • Windows 10, version 1909 x64-bit

Fixed issues:

  • Windows devices with Unified Extensible Firmware Interface (UEFI)-based firmware can be run with Secure Boot enabled. The Secure Boot Forbidden Signature Database (DBX) prevents UEFI modules from loading. This update adds modules to the DBX.
  • There is a vulnerability to bypass security features in Secure Boot. An attacker who successfully exploited this vulnerability could bypass Secure Boot and load untrusted software.
  • This security update addresses the vulnerability by adding the signatures of the known vulnerable UEFI modules to the DBX. For more information about this vulnerability, see CVE-2020-0689 | Microsoft Secure Boot Security Feature Bypass Vulnerability.

Download: KB4535680Support Notes