Tag

Secure Boot

All articles tagged with #secure boot

Windows 11 Secure Boot 2023 certificates rollout: how to check yours
technology11 days ago

Windows 11 Secure Boot 2023 certificates rollout: how to check yours

Microsoft is rolling out the Windows UEFI CA 2023 Secure Boot certificates to Windows 11 in a phased update (KB5077181). You may see TPM-WMI 1801 logs as the change is staged. To verify, open PowerShell as admin and run: 【System.Text.Encoding】::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023'. True means the certificate is present; False means delivery is pending. In Event Viewer, filter System logs for TPM-WMI and look for Event IDs 1808 (certificate applied) and 1034 (Dbx updated). BIOS/firmware updates aren’t required unless your OEM instructs them; these logs are normal staging information during the rollout.

Windows 10 ESU Jan 2026 Update Ditches Old Modem Drivers and Refreshes Secure Boot Certs
technology1 month ago

Windows 10 ESU Jan 2026 Update Ditches Old Modem Drivers and Refreshes Secure Boot Certs

The January 2026 Windows 10 ESU release KB5073724 (Build 19045.6809) arrives for ESU subscribers, removing legacy modem drivers (agrsm64.sys/agrsm.sys and smserl64.sys/smserial.sys) which may affect older modems, while adding new Secure Boot certificates and a WinSqlite3.dll security fix. Most users won’t notice changes, but some legacy modems could stop working after the update. The patch bundles security fixes (roughly 112–114 vulnerabilities, including 3 zero-days, with 57 Elevation of Privilege and other categories) and ESU updates run through October 2026. Downloads are via Settings > Windows Update or the Microsoft Update Catalog for Windows 10 Version 22H2 on x64/ARM-64 with ESU,

Windows 11 January 2026 update fixes NPU battery drain and tightens Secure Boot rollout
technology1 month ago

Windows 11 January 2026 update fixes NPU battery drain and tightens Secure Boot rollout

Microsoft’s January 2026 Patch Tuesday for Windows 11 (KB5074109) is rolling out for 24H2/25H2, fixing a power issue where Neural Processing Units could stay on idle and enabling a phased rollout of new Secure Boot certificates. The update also addresses networking fixes in WSL, Azure Virtual Desktop RemoteApp issues, removes certain modem drivers, and updates WinSqlite3.dll.

Microsoft Patches 114 Flaws in January 2026 Update, One Exploited in the Wild
technology1 month ago

Microsoft Patches 114 Flaws in January 2026 Update, One Exploited in the Wild

Microsoft released its January 2026 security update, fixing 114 vulnerabilities (8 critical; 106 important), including one actively exploited in the wild: CVE-2026-20805 in Desktop Window Manager that could disclose memory details via ALPC. CISA has added this to KEV with a February 3 patch deadline for federal agencies. Other notable fixes include a Secure Boot certificate-expiration bypass (CVE-2026-21265), removal of vulnerable Agere modem drivers tied to older CVEs, and a critical VBS Enclave privilege-escalation (CVE-2026-20876). Edge and other vendor patches accompany the update.

security1 month ago

January Patch Tuesday hits with 113 fixes, including an actively exploited DWM zero-day

Microsoft’s January Patch Tuesday rolls out updates for at least 113 vulnerabilities across Windows and supported software, eight rated critical. The standout is CVE-2026-20805 in Desktop Window Manager, which is already being exploited in the wild and can be chained with other flaws. Office remote-code execution bugs CVE-2026-20952/20953 are fixed, while legacy Agere modem drivers agrsm64.sys/agrsm.sys were removed due to exploit activity linked to CVE-2023-31096. A separate critical CVE-2026-21265 exposes a Secure Boot bypass tied to expired root certificates, requiring careful BIOS/bootloader updates. Firefox/Firefox ESR patched 34 flaws including CVE-2026-0891/0892, and Chrome WebView CVE-2026-0628 was fixed; Edge/Chrome updates are expected. Per-patch guidance from SANS ISC emphasizes timely patching and checking for install issues.

Windows 11 auto-replaces expiring Secure Boot certificates to preserve boot integrity
security1 month ago

Windows 11 auto-replaces expiring Secure Boot certificates to preserve boot integrity

Microsoft is automatically updating expiring Secure Boot certificates on eligible Windows 11 24H2/25H2 devices via quality updates, with a phased rollout to high-confidence machines; admins can also deploy certificates manually via registry, WinCS, or Group Policy. To avoid boot issues, devices must receive the updates before the June 2026 expiry, or risk losing Windows Boot Manager and Secure Boot protections; administrators should inventory devices, verify Secure Boot status, update firmware, then apply the certificate updates.

Windows 10 security-only KB5073724 update patches three zero-days and Secure Boot certs
technology1 month ago

Windows 10 security-only KB5073724 update patches three zero-days and Secure Boot certs

Microsoft released the Windows 10 KB5073724 security update, addressing 114 vulnerabilities including three zero-days, and updating Secure Boot certificates. The update also removes certain Agere modem drivers and includes a WinSqlite3.dll fix. It targets devices in the ESU program or LTSC and does not add new features, raising builds to 19045.6809 (19044.6809 for LTSC 2021). Note that affected modem hardware will stop working due to removed drivers; Microsoft reports no known issues at this time.

technology4 months ago

Why I Recommend Switching to Linux Instead of Upgrading to Windows 11

The article argues that Windows 11's requirements like TPM and Secure Boot are not as restrictive as they seem and can promote security and user choice, but also highlights concerns about potential misuse for surveillance and platform lock-in. The author recommends promoting Linux to customers as a more open and flexible alternative, emphasizing ease of use, software availability, and control over privacy.

How to Free Upgradе Your Incompatible Windows 10 PC to Windows 11
technology4 months ago

How to Free Upgradе Your Incompatible Windows 10 PC to Windows 11

Many Windows 10 PCs that are flagged as incompatible with Windows 11 may actually be upgradeable by enabling Secure Boot and TPM in the BIOS, with simple tweaks and checks using Microsoft's PC Health Check app. If your hardware supports UEFI and Secure Boot, and you can enable TPM, you can often upgrade to Windows 11 for free, even if initial notifications suggest otherwise.

How to Upgrade to Windows 11 and What to Expect After Windows 10 Ends
technology4 months ago

How to Upgrade to Windows 11 and What to Expect After Windows 10 Ends

Many Windows 10 PCs, even those marked as incompatible, can be upgraded to Windows 11 for free by adjusting settings like Secure Boot and TPM in the BIOS, often without needing new hardware. The process involves checking compatibility with Microsoft's PC Health Check app, enabling UEFI, Secure Boot, and TPM in BIOS, and possibly modifying registry settings for older hardware. If hardware isn't compatible, adding TPM modules might be an option, but older systems may require replacement. Upgrading is recommended for security reasons, especially as support for Windows 10 ends.

Battlefield 6 Developer Expresses Frustration Over Secure Boot Limiting Player Access
technology6 months ago

Battlefield 6 Developer Expresses Frustration Over Secure Boot Limiting Player Access

Battlefield 6's technical director expressed pride in the game's anti-cheat efforts, which include Secure Boot and kernel-level protections, but also acknowledged the ongoing, never-ending cat-and-mouse battle against cheaters and the frustration caused by the Secure Boot requirement that prevents some players from accessing the game.

Battlefield 6 Stops 330,000 Cheating Attempts with New Anti-Cheat System
technology6 months ago

Battlefield 6 Stops 330,000 Cheating Attempts with New Anti-Cheat System

During Battlefield 6's open beta, EA's anti-cheat system Javelin has successfully blocked over 330,000 cheat attempts and reviewed more than 100,000 potential cheaters, highlighting the ongoing effort to combat cheating with evolving detection techniques and security measures like Secure Boot, which helps prevent vulnerable drivers from loading and aids in cheat detection.

EA's Javelin Blocks 330,000 Cheat Attempts in Battlefield 6 in Two Days
technology6 months ago

EA's Javelin Blocks 330,000 Cheat Attempts in Battlefield 6 in Two Days

EA's Javelin anti-cheat system prevented 330,000 cheat attempts in the first two days of Battlefield 6's open beta, with efforts to improve detection, especially against sophisticated hardware-based cheats that bypass traditional systems. Despite ongoing cheater activity, EA emphasizes their multi-layered approach, including Secure Boot, to combat cheating, while acknowledging the challenges posed by advanced hardware methods. The beta is now open to all, with server capacity improvements noted.