Newsletter Archives

• Microsoft pulls KB 4524244, the infamous UEFI patch, from the Catalog

  Posted on February 15, 2020 at 07:28 CST by woody • Comment in the Forums

  The count of “2020-02” patches in the Catalog went down by eight overnight.

  One of them is KB 4524244, the UEFI patch that we’ve all been wondering about. As I said on Feb. 12 in Computerworld,

  The UEFI mystery of KB 4524244

  Microsoft seems to have a specific UEFI manufacturer in its sites. KB 4524244, the “Security update for Windows 10, version 1607, 1703, 1709, 1803, 1809, and 1903: February 11, 2020” is being offered, independently of the usual Cumulative Updates, on all versions of Windows 10.

  By the way, if you think Win10 version 1909 was immune from the KB 4524244 malaise, think again. Microsoft forgot to include 1909 on its master list, but KB 4524244 is included in the 1909 MS Update Catalog listing and in the WSUS listing. (Thx, PKCano.) The KB article – even its title – is clearly wrong.

  According to PKCano, one of the UEFI patches, KB 4502496, still appears in Windows Update – but it isn’t in the Catalog. Likely its appearance in Windows Update is a phantom, and in fact it won’t be installed. Do you have better info?
  Update: KB 4502496 has also been pulled.

  The KB article has been updated to say:

  Important

  This standalone security update has been removed due to an issue affecting a sub-set of devices. It will not be re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note Removal of this standalone security update does not affect successful installation or any changes within any other February 11, 2020 security updates, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.

  Another Microsoft Friday night massacre? On a three day (US) weekend?

   

  ——

  Patch lady edit:  Spotted this interaction on twitter  —   So now I know that it was a Kaspersky bootloader

  	Brian in Pittsburgh (@arekfurt)
  2/15/20, 2:22 PM This has gone surprisingly little attention. Microsoft signed a Kaspersky bootloader that could be used to bypass Secure Boot on any PC (!), then revoked it last Tuesday (that was what took two reboots if you had Cred Guard enabled). Now there are in turn issues with that fix.

   

  Alex Ionescu

  @aionescu

  1. Sign Kaspersky UEFI Rootkit (oops, “loader”) even though this wasn’t what the program was meant for, putting *everyone* at risk thanks to the DB policy.
  2. Finally release revocation (thanks

  @int0x6

  ) 3. Pull back the release and indicate you won’t offer it anymore…

  Windows Patches/Security February 2020 Black Tuesday, KB 4502496