  • KB5028311: Microsoft released critical Windows 10 Dynamic SafeOS update for Secure Boot


    Karlston

    • 905 views
    • 3 minutes

    Yesterday, Microsoft released its Patch Tuesday updates for Windows 10 (KB5028166) and Windows 11 (KB5028185). In an accompanying announcement on its health dashboard website, the company explained that it has deployed the second phase of its hardening against the BlackLotus UEFI bootkit security flaw. Microsoft also published a guidance post to help users.

     

    This hardening was delivered via Microsoft's newest SafeOS Dynamic Update packages for WinRE (Windows Recovery Environment) and brings easier automated deployment of Secure Boot DBX revocation files. The Secure Boot Forbidden Signature Database, or Secure Boot DBX, from Microsoft is essentially a block list of UEFI executables that were found to be dangerous. (With the latest Patch Tuesday, Microsoft also revoked several WHQL-signed drivers that were actually malware.)

     

    The support article for the new KB5028311 update says:

     

    KB5028311: Setup Dynamic Update for Windows 10, version 20H2, 21H2, and 22H2: July 11, 2023

     

    Summary

     

    This update makes improvements to Setup binaries or any files that Setup uses for feature updates in Windows 10, version 20H2, 21H2, and 22H2.

     

    In a Techcommunity blog post about Windows 10 Dynamic Updates, Microsoft explained Dynamic Updates in more detail regarding its various components and uses. These packages include fixes to Setup.exe binaries, SafeOS updates for Windows Recovery Environment, and more:

     

    As soon as a Windows 10 feature update initiates, whether from media or a Windows Update service-connected environment, Dynamic Update is one of the first steps invoked. Windows 10 Setup reaches out to an Internet-facing URL hosted by Microsoft to fetch Dynamic Update content, then applies those updates to your OS installation media.

     

    Content acquired includes:

     

    • Setup Updates: Fixes to Setup binaries or any files that Setup uses for feature updates.
    • Safe OS Updates: Fixes for the "safe OS" that are used to update Windows recovery environment (WinRE).
    • Servicing Stack Updates: Fixes that are necessary to address the Windows 10 servicing stack issue and thus required to complete the feature update.
    • Latest Cumulative Update: Installs the latest cumulative quality update.
    • Driver Updates: Latest version of applicable drivers that have already been published by manufacturers into Windows Update and specifically targeted for Dynamic Update.

     

    In addition to these updates, Dynamic Update will preserve Language Pack (LP) and Features on Demand (FODs) content during the upgrade process. These are not updates to LPs and FODs, but reacquisition to ensure the user has these elements present when the update completes.

     

    This Dynamic Update was automatically downloaded with the Windows 10 July Patch Tuesday updates. You can also download it manually by visiting the Microsoft Update Catalog website. Windows 11 versions 22H2 and 21H2 also got their Dynamic Updates under KB5028312 and KB5028314, which you can find here.

     

    Source

