Jump to content

Search the Community

Showing results for tags 'secure boot'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Categories

  • Drivers
  • Filesharing
    • BitTorrent
    • eDonkey & Direct Connect (DC)
    • NewsReaders (Usenet)
    • Other P2P Clients & Tools
  • Internet
    • Download Managers & FTP Clients
    • Messengers
    • Web Browsers
    • Other Internet Tools
  • Multimedia
    • Codecs & Converters
    • Image Viewers & Editors
    • Media Players
    • Other Multimedia Software
  • Security
    • Anti-Malware
    • Firewalls
    • Other Security Tools
  • System
    • Benchmarking & System Info
    • Customization
    • Defrag Tools
    • Disc & Registry Cleaners
    • Management Suites
    • Other System Tools
  • Other Apps
    • Burning & Imaging
    • Document Viewers & Editors
    • File Managers & Archivers
    • Miscellaneous Applications
  • Linux Distributions

Categories

  • General News
  • File Sharing News
  • Mobile News
  • Software News
  • Security & Privacy News
  • Technology News

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 6 results

  1. At their special event, Microsoft announced the all new Windows 11. The new operating system comes with a visual overhaul, multi-tasking improvements and more. Microsoft is expected to roll out Windows 11 to users later this year but not every device will be able to run Windows 11. If you are planning to try out Windows 11 then you can check out the minimum specs below: 1Ghz 64-bit dual-core processor 4GB RAM 64GB storage 9-inch display (1366x768 resolution) UEFI, Secure Boot & TPM 2.0 compatible DirectX 12 compatible graphics / WDDM 2.x The biggest change with Windows 11 is the 64-bit only operating system. Microsoft does not plan to release a 32-bit version of Windows 11, but the OS will continue to support 32-bit software. Apart from that, Microsoft will now need a 9-inch display as well as 64GB storage to run. These changes should make the Windows 11 experience better on all devices but will also increase the specification requirements for budget devices. If you are worried about Windows 11 requirements, then you can download the Windows PC Health Check (via WalkingCat) app to see if your PC meets the requirements. Source: Here are the official minimum system requirements for Windows 11 (via Neowin)
  2. haris_sane69

    Secure Boot Support in Ventoy

    Greetings everyone, Anybody tried this secure boot option feature in Ventoy? I'm getting this ERROR that "Booting in insecure mode" before entering into OS selection screen. Secure boot & UEFI mode is already enabled from bios setup. Screenshot attached below: Regards.
  3. Microsoft fixes Secure Boot bug allowing Windows rootkit installation Microsoft has fixed a security feature bypass vulnerability in Secure Boot that allows attackers to compromise the operating system’s booting process even when Secure Boot is enabled. Secure Boot blocks untrusted operating systems bootloaders on computers with Unified Extensible Firmware Interface (UEFI) firmware and a Trusted Platform Module (TPM) chip to help prevent rootkits from loading during the OS startup process. Rootkits can be used by threat actors to inject malicious code into a computer's UEFI firmware, to replace the operating system's bootloader, to replace parts of the Windows kernel, or camouflage maliciously crafted drivers are legitimate Windows drivers. The security feature bypass flaw, tracked as CVE-2020-0689, has a publicly available exploit code that works during most exploitation attempts which require running a specially crafted application. "An attacker who successfully exploited the vulnerability might bypass secure boot and load untrusted software," Microsoft explains. Affected Windows versions include multiple Windows 10 releases (from v1607 to v1909), Windows 8.1, Windows Server 2012 R2, and Windows Server 2012. How to install the security update To block untrusted or known vulnerable third-party bootloaders when Secure Boot is toggled on, Windows devices with UEFI firmware use the Secure Boot Forbidden Signature Database (DBX). The KB4535680 security update released by Microsoft as part of the January 2021 Patch Tuesday addresses the vulnerability by blocking known vulnerable third-party UEFI modules (bootloaders) to the DBX. Users have to install this standalone security update in addition to the normal security update to block attacks designed to exploit this Secure Boot vulnerability. If automatic updates are enabled on the computer, the security update will be installed automatically, without user intervention needed. However, on systems where updates need to be installed manually, you will be required to first download KB4535680 for their platform from the Microsoft Update Catalog. Next, you will have to make sure that a specific Servicing Stack Update is installed before deploying the standalone security update (you can find the list here). If you also need to manually install the January 2021 Security Updates, the three updates should be installed in the following order: Servicing Stack Update Standalone Secure Boot Update listed in this CVE January 2021 Security Update On systems where Windows Defender Credential Guard (Virtual Secure Mode) is also enabled, installing the KB4535680 standalone update will require two additional reboots. Microsoft also released guidance for applying Secure Boot DBX updates after the disclosure of the BootHole GRUB bootloader vulnerability in July 2020 which also allows for Secure Boot bypass. The company added at the time that it "plans to push an update to Windows Update to address" the BootHole vulnerability in 2021. Source: Microsoft fixes Secure Boot bug allowing Windows rootkit installation
  4. Microsoft released October's servicing stack quality improvements for all Windows 10 versions, the component which allows users to receive and install Windows updates. Microsoft says that these critical servicing stack updates (SSUs) address "an issue in which the Secure Boot revocation list (DBX) is not applied when the Secure Boot allow list (DB) update is empty." The updates also improve "the Secure Boot revocation list (DBX) update experience to avoid multiple restarts when you deploy the DBX update on a device where the Credential Guard service is not running." All Windows 10 users are advised to start with the Windows 10 servicing stack update to the latest version before installing the October cumulative updates. Microsoft also released the October 2019 Patch Tuesday security updates, with 1 advisory (Windows 10 Servicing Stack Update) and updates for 59 vulnerabilities. Eight of them were rated by Microsoft as Critical. The October 2019 Microsoft Office security updates were also released today, bundling a total of 14 security updates and four cumulative updates across seven different products, with nine of them patching remote code execution vulnerabilities. Servicing stack updates available on the Microsoft Update Catalog Windows 10 users are urged to update their systems' servicing stack to dodge potential issues that could appear during the installation process of future quality and feature updates. Microsoft states in the servicing stack support document that: Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes. The table below lists all the Windows 10 versions that received a SSU today, as well as the related knowledgebase articles with links to the Microsoft Update Catalog download pages: Servicing stack updates Product Support article Windows 10 1903 / Windows Server, version 1903 KB4521863 Windows 10 1809 / Windows Server 2019 KB4521862 Windows 10 1803 / Windows Server, version 1803 KB4521861 Windows 10 1709 KB4521860 Windows 10 1703 KB4521859 Windows 10 1607 / Server 2016 KB4521858 Windows 10 1507 KB4521856 Servicing stack update install Servicing stack updates contain "the 'component-based servicing stack' (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components," as stated by Microsoft in the Windows IT Pro Center. SSUs can be installed automatically via the Windows Update or with the help of the standalone update packages that can be downloaded from Microsoft Update Catalog website—links for all Windows 10 versions are available in the table above. Windows Server users can use the Windows Server Update Services (WSUS) to mass deploy SSUs to all computers on their network. Servicing stack updates installation notes: • Servicing stack updates contain the full servicing stack; as a result, typically administrators only need to install the latest servicing stack update for the operating system. • Installing servicing stack update does not require restarting the device, so installation should not be disruptive. • Servicing stack update releases are specific to the operating system version (build number), much like quality updates. • Search to install latest available Servicing stack update for Windows 10. Windows 10 users can go through this guided walk-through or use the info available in this support article to troubleshoot update problems. Source
  5. Microsoft has announced a range of Secured-core PCs, devices that adopt a number of security technologies to prevent attacks on a firmware level, rather than software-based approaches. The company says that, as software-based protection has been built into operating systems and connected services, vulnerabilities that target the firmware have largely increased in number in recent years - spiking from just 6 in 2016 to over 400 in 2017 - making this a necessary step. Secured-core PCs are built in conjunction with Microsoft partners, both PC and silicon manufacturers, and they "meet a specific set of device requirements that apply the security best practices of isolation and minimal trust to the firmware layer, or the device core, that underpins the Windows operating system". The devices are aimed at organizations that handle highly sensitive information, such as those that offer financial services, government institutions, and so on. These protection features are enabled by a new feature called Dynamic Root of Trust for Measurement (DRTM), which is present in recent hardware from Intel, AMD, and Qualcomm, so you should be able to get that additional layer of protection regardless of your choice of processor. Using this technology, Secured-core PCs use System Guard Secure Launch as a core feature to prevent firmware attacks during the boot process. Other technologies, such as Virtualization-based Security (VBS), Hypervisor-protected Code Integrity (HVCI), and the Trusted Platform Module (TPM) 2.0 help enable additional protection throughout the OS. Secured-core PCs are now available from a variety of hardware manufacturers, and you can find them here. These include the new Surface Pro X for Business, which is the only Qualcomm-based device on the list for now. Source: Microsoft introduces Secured-core PCs with extra protection against firmware attacks (via Neowin)
  6. Hello everyone, As you guys already know that it is not possible to create a bootable USB flash drive in FAT32 format if the install.wim on the ISO exceeds 4 GB in size, which means the only File System available is NTFS and if this is used, the Bootable USB will not pass Secure Boot. 1) To get around this we need to make a non-Bootable FAT32 formatted USB Flash Drive using Rufus. Make sure the options are as follows in Rufus: Boot selection : Non bootable ; Partition scheme : GPT ; Target system : BIOS or UEFI ; Volume label : Windows Version & File system : FAT32 (Default) a) Select Start. b) Select OK to format the USB flash drive. c) When done Rufus will say READY, you may now close Rufus. d) In Windows Explorer you should have a blank FAT32 formatted USB Flash Drive. e) Delete the autorun files on it. 2) Now manually create bootable USB: a) In Windows Explorer, right click the ISO file. b) Then select Mount. c) Copy all the files & folders to the USB except sources folder which contain install.wim. d) Then create a new folder on the USB called sources. e) Copy all the files in the sources folder on the ISO except the install.wim onto the USB Flash Drive. 3) Split Install.wim into Multiple Install.swm Files: a) Copy the install.wim directly to the C:\Drive. b) Select Continue when asked to provide administrative conditions. We will now split the install.wim into multiple install.swm files. c) Right click the start button and select Windows PowerShell (Admin). d) Accept the User Account Control Prompt. e) Copy and paste the following command into the PowerShell Window, then press [Enter]. Dism /Split-Image /ImageFile:C:\install.wim /SWMFile:C:\install.swm /FileSize:4000 f) When the Operation has Completed Successfully close the Power Shell Window. g) This will create two (or more) install.swm files. h) Copy these to the sources folder of the Bootable USB flash drive. That's all. CREDITS: @philipyip
×
×
  • Create New...