Yesterday, Microsoft released its Patch Tuesday updates for Windows 10 (KB5028166) and Windows 11 (KB5028185). In an accompanying announcement on its health dashboard website, the company explained that it has deployed its second phase of hardening against the BlackLotus UEFI bootkit security flaw. Microsoft also published a guidance post to help users.
This hardening was delivered via its newest SafeOS Dynamic Update packages for WinRE (Windows Recovery Environment) and brings easier automated deployment of Secure Boot DBX revocation files.
The Secure Boot Forbidden Signature Database, or Secure Boot DBX, from Microsoft is a block-list of UEFI executables that were found to be dangerous. (With the latest Patch Tuesday, Microsoft also revoked several WHQL-signed drivers that were actually malware.)
The support articles for the new KB5028312 and KB5028314 updates say:
KB5028312: Setup Dynamic Update for Windows 11, version 21H2: July 11, 2023
Summary
This update makes improvements to Setup binaries or any files that Setup uses for feature updates in Windows 11, version 21H2.
KB5028314: Setup Dynamic Update for Windows 11, version 22H2: July 11, 2023
Summary
This update makes improvements to Setup binaries or any files that Setup uses for feature updates in Windows 11, version 22H2.
In a Techcommunity blog post about Windows 10 Dynamic Updates, Microsoft explained Dynamic Updates in more detail regarding its various components and uses. These packages include fixes to Setup.exe binaries, SafeOS updates for Windows Recovery Environment, and more:
As soon as a Windows 10 feature update initiates, whether from media or a Windows Update service-connected environment, Dynamic Update is one of the first steps invoked. Windows 10 Setup reaches out to an Internet-facing URL hosted by Microsoft to fetch Dynamic Update content, then applies those updates to your OS installation media.
Content acquired includes:
- Setup Updates: Fixes to Setup binaries or any files that Setup uses for feature updates.
- Safe OS Updates: Fixes for the "safe OS" that are used to update Windows recovery environment (WinRE).
- Servicing Stack Updates: Fixes that are necessary to address the Windows 10 servicing stack issue and thus required to complete the feature update.
- Latest Cumulative Update: Installs the latest cumulative quality update.
- Driver Updates: Latest version of applicable drivers that have already been published by manufacturers into Windows Update and specifically targeted for Dynamic Update.
In addition to these updates, Dynamic Update will preserve Language Pack (LP) and Features on Demand (FODs) content during the upgrade process. These are not updates to LPs and FODs, but reacquisition to ensure the user has these elements present when the update completes.
These Dynamic Updates were automatically downloaded with the Windows 11 July Patch Tuesday updates. You can also download them manually from the Microsoft Update Catalog website (KB5028312 / KB5028314). Windows 10 also got its Dynamic Update, under KB5028311.