MS-DEFCON 4: Skip those Secure Boot scripts
By Susan Bradley

Deploy May updates — and nothing but the updates.

I’m lowering the MS-DEFCON level to 4 to encourage you to install the May updates now. However, I do not recommend taking the optional steps recommended by Microsoft to revoke the vulnerable bootloader files, as I discussed in yesterday’s On Security column. I do not think these manual steps provide full protection for this vulnerability — or potential future ones.

Highlights:
Consumer and home users
The Secure Boot flaw isn’t fixed with just a patch; it also requires additional steps to provide full protection. However, I’m not convinced that these steps are worth the trouble right now. They are confusing and could well increase the level of risk. The public disclosure of the boot flaw was updated with this note:

“An incomplete revocation occurred, and another CVE (CVE-2023-24932). There are still vulnerable bootmgfw files that were not revoked, as well as additional patches only fixing the case where bootmgr loads bootmgr.”

Clearly, we aren’t done with this and will still have vulnerable machines even after running the suggested commands. I think the best way to handle this vulnerability is to be your best, slightly paranoid self by carefully watching what you click and download.

Some Windows machines don’t support Secure Boot and are not affected by this particular bypass. To check this, run msinfo32 (System Information) on your PC. In the example shown in Figure 1, Secure Boot State is shown as Unsupported and the BIOS Mode is Legacy. That machine is safe from this flaw. Keep in mind, though, that a Legacy BIOS system performs no signature checking of its boot chain at all, so “Unsupported” is an exemption from this one CVE, not a protection.
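If you would rather script the msinfo32 check than click through it, the following PowerShell function is an added example (it is not from the newsletter or from Microsoft) that reports the same two fields and, on UEFI machines, also shows whether Microsoft’s manual revocation steps have already been applied. It relies on the built-in Confirm-SecureBootUEFI and Get-SecureBootUEFI cmdlets and the firmware_type environment variable Windows sets; the two certificate names it searches for (“Windows UEFI CA 2023” in the allow list db, “Microsoft Windows Production PCA 2011” in the forbidden list dbx) are the ones Microsoft’s revocation guidance adds. The assessment wording is mine. Run it from an elevated PowerShell prompt; the Secure Boot cmdlets require administrator rights.

```powershell
# Added example (not from the AskWoody newsletter or Microsoft): a PowerShell equivalent
# of the msinfo32 "BIOS Mode" / "Secure Boot State" check, plus a look at whether the
# optional revocation steps have been applied. Run from an elevated prompt on Windows 10/11.
function Get-BootIntegrityStatus {
    [CmdletBinding()]
    param()

    # Windows sets %firmware_type% to "UEFI" or "Legacy" (the msinfo32 "BIOS Mode" field).
    $firmware = $env:firmware_type
    if (-not $firmware) { $firmware = 'Unknown' }

    # Confirm-SecureBootUEFI returns $true/$false on UEFI systems and throws on Legacy BIOS,
    # which msinfo32 reports as "Unsupported".
    $secureBoot = 'Unsupported'
    try {
        $secureBoot = if (Confirm-SecureBootUEFI) { 'On' } else { 'Off' }
    } catch {
        $secureBoot = 'Unsupported'
    }

    # Microsoft's mitigation adds the "Windows UEFI CA 2023" certificate to the allow list (db)
    # and adds "Microsoft Windows Production PCA 2011" to the forbidden list (dbx). Certificate
    # subject names are stored as ASCII inside the DER blobs, so a substring match suffices.
    $newCaTrusted = $null
    $oldCaRevoked = $null
    if ($secureBoot -ne 'Unsupported') {
        try {
            $db  = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
            $dbx = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name dbx).Bytes)
            $newCaTrusted = $db  -match 'Windows UEFI CA 2023'
            $oldCaRevoked = $dbx -match 'Microsoft Windows Production PCA 2011'
        } catch {
            Write-Verbose "Could not read Secure Boot variables: $($_.Exception.Message)"
        }
    }

    # A Legacy/Unsupported machine is outside the scope of the Secure Boot bypass, but it also
    # has no boot-chain signature checking at all; say so rather than just "safe".
    $assessment = switch ($secureBoot) {
        'Unsupported' { 'Not affected by this bypass (no Secure Boot); boot chain is unverified' }
        'Off'         { 'Secure Boot disabled: bypass irrelevant, but the boot chain is unverified' }
        'On'          {
            if ($oldCaRevoked) { 'Secure Boot on; 2011 PCA revoked in dbx (mitigation applied)' }
            else               { 'Secure Boot on; old boot managers still trusted (mitigation not applied)' }
        }
    }

    [pscustomobject]@{
        BiosMode          = $firmware
        SecureBootState   = $secureBoot
        WindowsUefiCa2023 = $newCaTrusted
        Pca2011Revoked    = $oldCaRevoked
        Assessment        = $assessment
    }
}

Get-BootIntegrityStatus | Format-List
```

On the Figure 1 machine this returns BiosMode Legacy and SecureBootState Unsupported with the two certificate fields empty; on a UEFI machine that has installed the May update but not run the revocation steps, Pca2011Revoked is False, which is the state the column recommends staying in for now.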
Some Apple systems support Secure Boot, but I am not aware of any targeted attacks for those that do.

More disruptive to home and consumer users is the new Outlook for Windows preview that has been pushed to some PCs. This version has a new look and feel, as well as some limitations. As noted in Microsoft’s support post Getting started with the new Outlook for Windows, there is a toggle called Try the new Outlook on the far right, just above the ribbon. When turned on, the new version will be downloaded (and that can take some time). The toggle can be turned off, at least for now, to return to the current version. If for some reason that doesn’t work, follow the instructions in the support post Toggling out of the new Outlook for Windows preview, which includes a Registry solution.

For those of you with TP-Link routers, review your firmware version. As noted in a Tenable post, the TP-Link Archer AX21 (AX1800) needs a firmware update to protect it from attacks. It’s a good reminder to check any router to ensure its firmware is up to date. Log in to your router, and review the advanced section to see whether a firmware update is available.

Business users
For Windows 11 22H2 users who use L2TP/IPsec VPN, I’m seeing reports of slower access times. At this time, KB5026372 should be uninstalled, because I don’t see any indication that Microsoft has acknowledged the issue. Furthermore, the problem known as “Local Security Authority protection is off,” with its persistent restart prompt (for both Windows 11 22H2 and 21H2), has yet to be addressed, although Microsoft is aware of it. Keep your eye on the Master Patch List for updated information. I’m not tracking any major issues with Windows 10 22H2 for business users.

Resources
Susan Bradley is the publisher of the AskWoody newsletters. The AskWoody Newsletters are published by AskWoody Tech LLC, Fresno, CA USA.
Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, AskWoody.com, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody Tech LLC. All other marks are the trademarks or service marks of their respective owners. Copyright ©2023 AskWoody Tech LLC. All rights reserved.