Windows all versions Security update for Secure Boot DBX
Security update KB4535680

Microsoft released security update KB4535680.

This security update makes improvements to Secure Boot DBX for the supported Windows versions listed below.

Applies to

  • Windows Server 2012 x64-bit
  • Windows Server 2012 R2 x64-bit
  • Windows 8.1 x64-bit
  • Windows Server 2016 x64-bit
  • Windows Server 2019 x64-bit
  • Windows 10, version 1607 x64-bit
  • Windows 10, version 1803 x64-bit
  • Windows 10, version 1809 x64-bit
  • Windows 10, version 1909 x64-bit

Fixed issues

  • Windows devices with Unified Extensible Firmware Interface (UEFI)-based firmware can be run with Secure Boot enabled. The Secure Boot Forbidden Signature Database (DBX) prevents UEFI modules from loading. This update adds modules to the DBX.
  • There is a vulnerability to bypass security features in Secure Boot. An attacker who successfully exploited this vulnerability could bypass Secure Boot and load untrusted software.
  • This security update addresses the vulnerability by adding the signatures of the known vulnerable UEFI modules to the DBX. For more information about this vulnerability, see CVE-2020-0689 | Microsoft Secure Boot Security Feature Bypass Vulnerability.

Download: KB4535680Support Notes