Executive Summary
Summary | |
---|---|
Title | Update to Revoke Non-compliant UEFI Modules |
Informations | |||
---|---|---|---|
Name | KB2871690 | First vendor Publication | 2013-12-10 |
Vendor | Microsoft | Last vendor Modification | 2014-02-27 |
Severity (Vendor) | N/A | Revision | 2.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | Not Defined | Attack Range | Not Defined |
Cvss Impact Score | Not Defined | Attack Complexity | Not Defined |
Cvss Expoit Score | Not Defined | Authentication | Not Defined |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft is announcing the availability of an update for Windows 8 and Windows Server 2012 that revokes the digital signatures for nine private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot. When the update is applied, the affected UEFI modules will no longer be trusted and will no longer load on systems where UEFI Secure Boot is enabled. The affected UEFI modules consist of specific Microsoft-signed modules that are either not in compliance with our certification program or their authors have requested that the packages be revoked. At the time of this release, these UEFI modules are not known to be available publicly. Microsoft is not aware of any misuse of the affected UEFI modules. Microsoft is proactively revoking these non-compliant modules as part of ongoing efforts to protect customers. This action only affects systems running Windows 8 and Windows Server 2012 that are capable of UEFI Secure Boot where the system is configured to boot via UEFI and Secure Boot is enabled. There is no action on systems that do not support UEFI Secure Boot or where it is disabled. Recommendation. The affected UEFI modules are not known to be available publicly. However, customers with concern that they may be using an affected UEFI module should consult the "What does this update do?" advisory FAQ for a list of affected UEFI modules. For recommendations on how to apply this update, see the Suggested Actions sections. Known Issues. Microsoft Knowledge Base Article 2871690 documents the currently known issues that customers may experience when installing this update. The article also documents recommended solutions for these issues. For more information about this issue, see the following references: This advisory discusses the following software. Why was this advisory revised on February 27, 2014? Customers who have already successfully installed the original update do not need to take any action. For customers who could not install the original update due to the issues with signature validation, Microsoft recommends installing the rereleased update. Does this update (2871690) have any prerequisites? For customers who install this update using automatic updating, such as Microsoft Update, the 2871777 prerequisite update will be automatically installed during the process. No additional action is required for installation. When installation is complete, customers will see both updates (2871777 and 2871690) in the list of installed updates. For customers who are manually installing this update from the Download Center, ensure that the 2877177 update is installed first, then install the 2871690 update. Is this update available for Windows RT? Is this update available for Windows 8.1 Preview, Windows RT 8.1 Preview, or Windows Server 2012 R2 Preview? Does this update apply to Windows 8.1, Windows Server 2012 R2, or Windows RT 8.1? What is the scope of the advisory? What is UEFI Secure Boot? Secure Boot is supported on Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 8, Windows Server 2012, and Windows RT. Note that a system running one of the supported operating systems must also have hardware that is capable of UEFI Secure Boot. My system is not configured to boot using UEFI. Does this update apply to my system? What does this update do? This update applies to nine private, third-party UEFI modules used for test purposes only. These UEFI modules are not known to be in public distribution. Customers who are concerned they may have an affected module can compare the SHA256 file hash of their UEFI modules against the following. Note Customers who do not have any of the above file hashes are not affected. I am using a UEFI module that is being revoked. What if I want to continue using it? However, customers who want to continue using non-compliant UEFI modules for their own purposes, such as for testing, can do so by disabling Secure Boot in their system's BIOS configuration menu. Apply the update for affected releases of Microsoft Windows Warning Customers who apply this update on a system that is using one of the affected UEFI modules risk delivering the system into a non-bootable state. Microsoft recommends that all customers apply this update after ensuring they are running up-to-date UEFI modules. Customers with concern that they may be using an affected UEFI module should consult the "What does this update do?" advisory FAQ for a list of affected UEFI modules. Microsoft recommends that customers apply the update at the earliest opportunity after ensuring that their systems are not using any of the affected UEFI modules. The update is available through Microsoft Update. In addition, the update is available on the Download Center as well as the Microsoft Update Catalog for Windows 8 and Windows Server 2012. Download links for this update can be found in Microsoft Knowledge Base Article 2871690. Note The 2871777 update is a prerequisite and must be applied before this update can be installed. For more information about the 2871777 servicing stack update for Microsoft Windows, see Microsoft Knowledge Base Article 2871777. For customers who install this update using automatic updating, such as Microsoft Update, the 2871777 prerequisite update will be automatically installed during the process. No additional action is required for installation. When installation is complete, customers will see both updates (2871777 and 2871690) in the list of installed updates. For customers who are manually installing this update from the Download Center, ensure that the 2877177 update is installed first, then install the 2871690 update. |
Original Source
Url : http://www.microsoft.com/technet/security/advisory/2871690.mspx |
Alert History
Date | Informations |
---|---|
2014-02-27 21:19:45 |
|
2014-02-17 11:38:44 |
|
2013-12-11 05:17:53 |
|