Microsoft released cumulative updates for all supported versions of Windows on the August 2022 Patch Day. The company released a second security update for Windows on the same day, KB5012170, which updates the Secure Boot Forbidden Signature Database (DBX).
Installation of that second update may fail with the error 0x800f0922; when it does, the update is not applied and is offered again.
Microsoft describes the issue on the known issues and notifications support pages of the affected operating systems, e.g., for Windows 11 and Windows 10:
When attempting to install KB5012170, it might fail to install, and you might receive an error 0x800f0922.
The issue is unrelated to the installation of the cumulative updates for Windows, which Microsoft released on the same day.
Microsoft suggests that administrators may be able to resolve the issue by updating the system’s UEFI firmware (the “BIOS”) to the latest version before installing KB5012170. Whether that is possible depends on the firmware version that is installed and on whether the device manufacturer has released a newer one.
The company is investigating the issue currently and plans to “provide an update in an upcoming release”.
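Before retrying the update it helps to record the facts the known-issue page hinges on: whether the device actually boots with Secure Boot, which firmware version and date it is on, whether KB5012170 is already listed as installed, and what the Windows Update client logged for the failed attempt. The following PowerShell is an added example and is not code from the article or from Microsoft; it assumes an elevated session on a UEFI system, and that the Windows Update client’s installation-failure event (ID 20 in the System log) is still within the log’s retention.

```powershell
# Added example (not from the article or from Microsoft): pre-flight checks before
# retrying KB5012170 on a machine that failed with 0x800f0922.
# Run from an elevated PowerShell session; Confirm-SecureBootUEFI needs admin rights.

function Get-Kb5012170Readiness {
    # $null here means the cmdlet could not query the firmware (legacy BIOS/CSM boot).
    $secureBoot = try { Confirm-SecureBootUEFI } catch { $null }

    # SMBIOS firmware vendor, version string and release date: compare against the
    # OEM's download page to see whether a newer firmware exists for this model.
    $fw = Get-CimInstance -ClassName Win32_BIOS

    # Get-HotFix only lists updates recorded in Win32_QuickFixEngineering; the DBX
    # update shows up there once it has installed successfully.
    $kb = Get-HotFix -Id KB5012170 -ErrorAction SilentlyContinue

    # Event ID 20 from the Windows Update client is its "Installation Failure" record
    # (assumption: the System log still holds the events from the failed attempt).
    $lastFail = Get-WinEvent -FilterHashtable @{
                    LogName      = 'System'
                    ProviderName = 'Microsoft-Windows-WindowsUpdateClient'
                    Id           = 20
                } -MaxEvents 50 -ErrorAction SilentlyContinue |
                Where-Object { $_.Message -match 'KB5012170' } |
                Select-Object -First 1

    [pscustomobject]@{
        SecureBootEnabled  = $secureBoot
        FirmwareVendor     = $fw.Manufacturer
        FirmwareVersion    = $fw.SMBIOSBIOSVersion
        FirmwareDate       = $fw.ReleaseDate
        KB5012170Installed = [bool]$kb
        InstalledOn        = $kb.InstalledOn
        LastFailureTime    = $lastFail.TimeCreated
        LastFailureText    = $lastFail.Message
    }
}

Get-Kb5012170Readiness | Format-List
```

If SecureBootEnabled is $false or $null the DBX update has nothing to protect on that machine, which is worth knowing before spending time on a firmware update; if it is $true and FirmwareDate is old, the OEM’s firmware page is the next stop, exactly as the known-issue page suggests.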
Secure Boot DBX update
A support page for the Secure Boot DBX update has additional information. The update has been released for several supported client and server versions of the Windows operating system, including Windows 8.1, Windows 10 and Windows 11.
The update improves Secure Boot DBX in Windows:
This security update makes improvements to Secure Boot DBX for the supported Windows versions listed in the “Applies to” section.
Windows devices with UEFI-based firmware support Secure Boot, a security feature that verifies that each component of the boot chain is signed by a trusted key before it is executed. The Secure Boot Forbidden Signature Database (DBX) is the revocation side of that check: it lists hashes and certificates of binaries that the firmware must refuse to load even if they carry an otherwise valid signature, which is what Microsoft means when it says the DBX “prevents UEFI modules from loading”. Microsoft confirms that the KB5012170 update adds entries for additional modules to the DBX.
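The DBX is readable from Windows, so the effect of the update can be checked directly rather than inferred from the update history. The PowerShell below is an added example, not code from the article or from Microsoft: it walks the variable’s EFI_SIGNATURE_LIST structures (the layout defined in the UEFI specification: a SignatureType GUID, three UINT32 sizes, an optional header, then fixed-size entries of SignatureOwner GUID plus signature data), counts hash and certificate entries, and lets you ask whether a particular SHA-256 is revoked. The function names are mine; it assumes an elevated session on a UEFI system.

```powershell
# Added example, not from the article or from Microsoft: parse the live DBX variable
# into its EFI_SIGNATURE_LIST entries so the revocation list can be counted and queried.
# Layout (UEFI spec): SignatureType GUID (16), SignatureListSize, SignatureHeaderSize,
# SignatureSize (UINT32 each), optional header, then SignatureSize-byte entries made of
# SignatureOwner GUID (16) + SignatureData. Requires admin rights on a UEFI system.

function Get-DbxEntries {
    param(
        # Raw variable contents; defaults to the machine's current DBX.
        [byte[]]$Bytes = (Get-SecureBootUEFI -Name dbx).Bytes
    )
    # The two signature types seen in Microsoft DBX updates.
    $typeNames = @{
        'c1c41626-504c-4092-aca9-41f936934328' = 'EFI_CERT_SHA256'
        'a5c059a1-94e4-4aa7-87b5-ab155c2bf072' = 'EFI_CERT_X509'
    }
    $offset = 0
    while ($offset + 28 -le $Bytes.Length) {
        $type       = [guid]::new([byte[]]$Bytes[$offset..($offset + 15)])
        $listSize   = [BitConverter]::ToUInt32($Bytes, $offset + 16)
        $headerSize = [BitConverter]::ToUInt32($Bytes, $offset + 20)
        $sigSize    = [BitConverter]::ToUInt32($Bytes, $offset + 24)
        # Refuse to walk a list whose sizes do not fit the buffer: a garbled variable
        # must not be silently reported as "nothing revoked".
        if ($listSize -lt 28 -or $offset + $listSize -gt $Bytes.Length -or $sigSize -le 16) {
            throw "Malformed EFI_SIGNATURE_LIST at offset $offset"
        }
        $typeName = $type.ToString()
        if ($typeNames.ContainsKey($typeName)) { $typeName = $typeNames[$typeName] }

        $p   = $offset + 28 + $headerSize
        $end = $offset + $listSize
        while ($p + $sigSize -le $end) {
            $owner = [guid]::new([byte[]]$Bytes[$p..($p + 15)])
            $data  = $Bytes[($p + 16)..($p + $sigSize - 1)]
            [pscustomobject]@{
                Type  = $typeName
                Owner = $owner
                Hex   = ($data | ForEach-Object { $_.ToString('x2') }) -join ''
            }
            $p += $sigSize
        }
        $offset = $end
    }
}

function Test-DbxRevoked {
    # $true when the given SHA-256 (hex, any case) appears as a hash entry in DBX.
    param(
        [Parameter(Mandatory)][string]$Sha256Hex,
        [object[]]$Entries = (Get-DbxEntries)
    )
    $needle = $Sha256Hex.ToLowerInvariant()
    [bool]($Entries | Where-Object { $_.Type -eq 'EFI_CERT_SHA256' -and $_.Hex -eq $needle })
}

$dbx = Get-DbxEntries
$dbx | Group-Object Type | Select-Object Name, Count   # hash entries vs. certificate entries
```

Run the count before and after KB5012170 installs and the difference is the number of modules the update revoked on that machine. One caveat when using Test-DbxRevoked: the SHA-256 values in DBX are Authenticode hashes of the PE image (the hash over the file with the signature and checksum fields excluded), so a plain Get-FileHash of an .efi file will not match an entry even when that binary is revoked.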
The update addresses a Secure Boot security feature bypass by adding the signatures of known vulnerable UEFI modules to the DBX, so that firmware refuses to load them. Without the update, an attacker could exploit the issue to bypass Secure Boot and load untrusted software before the operating system starts.
An advisory page on Microsoft’s website provides additional information on the issue. According to Microsoft, the security issue was found in the GRUB bootloader, which is commonly used by Linux distributions:
To exploit this vulnerability, an attacker would need to have administrative privileges or physical access on a system where Secure Boot is configured to trust the Microsoft Unified Extensible Firmware Interface (UEFI) Certificate Authority (CA).
The attacker could install an affected GRUB and run arbitrary boot code on the target device. After successfully exploiting this vulnerability, the attacker could disable further code integrity checks thereby allowing arbitrary executables and drivers to be loaded onto the target device.
Judging from that description, most Windows devices are not in immediate danger: exploitation requires administrative privileges or physical access, and an attacker with either already controls the machine. What the DBX update closes is the next step for such an attacker, loading a boot-time component that disables code integrity checks and so persists below the operating system, where the OS’s own driver and executable checks can no longer see it.
KB5012170 is provided via Windows Update, other update management systems, and as a direct download on the Microsoft Update Catalog website.
Now You: did you install the KB5012170 update on your devices?