KB5012170: A closer look at this cumulative update

by Alexandru Poloboc
  • Microsoft just released an important fix related to the Secure Boot DBX through KB5012170.
  • Thus, the Redmond tech giant managed to resolve the critical Secure Boot GRUB vulnerability.
  • Read all about this important cumulative update and catch up on everything in the article below.

As you are probably already aware, Microsoft had its monthly Patch Tuesday update rollout only a few days ago, and you can find full coverage right here.

All the operating systems got patched this month, including Windows 11, Windows 10, Windows 7, and Windows 8.1.

Among the most important releases this month is the fix for the Secure Boot DBX, delivered as the KB5012170 update.

Microsoft finally fixed critical Secure Boot GRUB vulnerability

Just in case you weren’t already aware, the Secure Boot Forbidden Signature Database, or DBX, is a block list of UEFI executables that were found to be bad.

The above-mentioned KB5012170 update adds signatures of the known vulnerable UEFI modules to the DBX, meaning they will no longer be able to run after this update.

This time, these signatures are related to the GRand Unified Boot Loader (GRUB) vulnerability also called BootHole.

As we said, and as Microsoft confirmed, this security update makes improvements to Secure Boot DBX for the supported Windows versions listed in the Applies to section.

The Redmond tech giant mentioned that these key changes include the following:

  • Windows devices that have Unified Extensible Firmware Interface (UEFI) based firmware can run with Secure Boot enabled. The Secure Boot Forbidden Signature Database (DBX) prevents UEFI modules from loading. This update adds modules to the DBX.

You should also know that a security feature bypass vulnerability exists in Secure Boot. An attacker who successfully exploited the vulnerability might bypass Secure Boot and load untrusted software.

That being said, KB5012170 successfully addresses the vulnerability by adding the signatures of the known vulnerable UEFI modules to the DBX.

What Windows versions is this update for?

In the official release notes, the tech company also listed all the versions for which this update fixes the issue.

So, without any further ado, we’ll say that KB5012170 fixes the problem for:

  • Windows Server 2012
  • Windows 8.1 and Windows Server 2012 R2
  • Windows 10, version 1507
  • Windows 10, version 1607 and Windows Server 2016
  • Windows 10, version 1809 and Windows Server 2019
  • Windows 10, version 20H2
  • Windows 10, version 21H1
  • Windows 10, version 21H2
  • Windows Server 2022
  • Windows 11, version 21H2 (original release)
  • Azure Stack HCI, version 1809
  • Azure Stack Data Box, version 1809 (ASDB)

Of course, this cumulative update is available for download via Windows Update as part of the Patch Tuesday package, but you can also get the standalone update from the Microsoft Update Catalog website.

What can I do if KB5012170 fails to install?

  1. Press Win + I to access Settings.
  2. Select the System category and click on Troubleshoot.
  3. Press the Other troubleshooters button.
  4. Press the Run button next to Windows Update.

There you have it, folks! Everything you can expect if you are a Beta channel Insider. Leave a comment below if you found any issues since installing this build.
