Matthew GarrettMay 9, 2023
Microsoft security update that blocks Black Lotus (and, incidentally, also blocks a *lot* of existing Windows boot media and recovery images - you do want to be careful in applying this, but I'm still kind of amazed this ended up being politically viable!) https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d
KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 - Microsoft Support

Show threadRairiiMay 9, 2023
@mjg59 same. i'd have thought i'd have been told in advance about this, too (i wasn't). and there's got to be some boot applications they missed. i'll check later (not at home right now)
Show threadvriska, thief of light May 9, 2023
@Rairii @mjg59 i think this is intended to be the advance notice, it says that they're not planning to have windows update automatically apply the revocations until q1 2024 (but are "looking for opportunities to accelerate this schedule" )
Show threadRairii
@leo @mjg59 i missed that. the fact they're going to automatically apply a dbx update that will break some windows install media EVEN WITH SECURE BOOT DISABLED (thanks to a bootmgr quirk) is hilarious
May 9, 2023 at 7:18pmWeb
Show threadvriska, thief of light May 9, 2023
@Rairii @mjg59 wait, is the revocation list enforced even with secure boot disabled? huh
Show threadRairiiMay 9, 2023
@leo @mjg59 since win10, yes (for dbx), and bootmgr sigchecks itself