Microsoft February Update: Fixes 75 vulnerabilities, upgrades Windows 8-era secure boot keys

Microsoft released KB5034765 for Windows 11 and KB5034763 for Windows 10 cumulative updates during this month’s Patch Tuesday event. These updates fix 73 security vulnerabilities and 2 zero-day vulnerabilities.

IT Home is based on Microsoft’s February cumulative update log. The number of fixed vulnerabilities is as follows:

• 30 Remote Code Execution Vulnerabilities
• 16 Privilege Elevation Vulnerabilities
• 10 Deceptive Security Questions
• 9 Denial of Service Vulnerabilities
• 5 Disclosure Questions
• 3 Security Feature Bypass Security Vulnerabilities

In addition to fixing the above vulnerabilities, Microsoft also issued an important announcement about Secure Boot, planning to launch new keys in 2023 to strengthen security.

"Secure Boot" is a UEFI security feature in the PC industry, first introduced on Windows 8 devices. Its purpose is to prevent malware such as rootkits and bootkits from tampering with the system before the computer starts.

If these bootkits are successfully implanted, they are likely to escape detection by anti-malware software. Microsoft requires OEM manufacturers to pre-install the following three management certificates:

• Key Exchange Key (KEK)
• Allowed Signature Database (DB)
• Disallowed Signature Database (DBX)

The above three certificates were all issued in the Windows 8 era and will expire in 2026, when their age will reach 15 years.

CA or key management authenticity and validity ensures that each component is safe and trustworthy.

Microsoft announced the change in its Tech Community blog post:

Microsoft is working with ecosystem partners to launch replacement certificates and establish new UEFI Certificate Authority (CA) trust anchors for future secure boot.

Please watch for a phased rollout of Secure Boot database updates to increase trust in the new Database (DB) and Key Exchange Key (KEK) certificates. Starting February 13, 2024, all devices with Secure Boot enabled will have the option to use the new database update.

Users can also manually update these certificates for secure boot. Related operations can be found here.

The above is the detailed content of Microsoft February Update: Fixes 75 vulnerabilities, upgrades Windows 8-era secure boot keys. For more information, please follow other related articles on the PHP Chinese website!