Newsletter Archives

  • Microsoft pulls KB 4524244, the infamous UEFI patch, from the Catalog

    The count of “2020-02” patches in the Catalog went down by eight overnight.

    One of them is KB 4524244, the UEFI patch that we’ve all been wondering about. As I said on Feb. 12 in Computerworld,

    The UEFI mystery of KB 4524244

    Microsoft seems to have a specific UEFI manufacturer in its sights. KB 4524244, the “Security update for Windows 10, version 1607, 1703, 1709, 1803, 1809, and 1903: February 11, 2020” is being offered, independently of the usual Cumulative Updates, on all versions of Windows 10.

    By the way, if you think Win10 version 1909 was immune from the KB 4524244 malaise, think again. Microsoft forgot to include 1909 on its master list, but KB 4524244 is included in the 1909 MS Update Catalog listing and in the WSUS listing. (Thx, PKCano.) The KB article – even its title – is clearly wrong.

    According to PKCano, one of the UEFI patches, KB 4502496, still appears in Windows Update – but it isn’t in the Catalog. Likely its appearance in Windows Update is a phantom, and in fact it won’t be installed. Do you have better info?
    Update: KB 4502496 has also been pulled.

    The KB article has been updated to say:

    Another Microsoft Friday night massacre? On a three-day (US) weekend?



    Patch lady edit: Spotted this interaction on Twitter — So now I know that it was a Kaspersky bootloader

    Brian in Pittsburgh (@arekfurt)
    This has gotten surprisingly little attention. Microsoft signed a Kaspersky bootloader that could be used to bypass Secure Boot on any PC (!), then revoked it last Tuesday (that was what took two reboots if you had Cred Guard enabled). Now there are in turn issues with that fix.


    Alex Ionescu
    1. Sign Kaspersky UEFI Rootkit (oops, “loader”) even though this wasn’t what the program was meant for, putting *everyone* at risk thanks to the DB policy.
    2. Finally release revocation (thanks )
    3. Pull back the release and indicate you won’t offer it anymore…