Microsoft to Windows 10 users: Patch Secure Boot now against 'critical' bug

Microsoft's latest SSU helps fix a bug in Secure Boot that interferes with Windows' BitLocker encryption system.
Written by Liam Tung, Contributing Writer

Microsoft is urging users of Windows 10 version 1903 to install this month's SSU or 'servicing stack update' to address a bug in a Secure Boot feature that could force the Windows BitLocker encryption system into recovery mode. 

Microsoft regularly provides SSUs to improve the Windows servicing stack, the component that installs Windows updates each month. Microsoft generally recommends installing SSUs ahead of the monthly cumulative updates. 

However, this month's SSU also contains a security fix rated as 'critical' by Microsoft's security response center. 


The update "addresses an issue with a Secure Boot feature update that may cause BitLocker to go into recovery mode because of a race condition", the company notes in a new KB article. The same issue is addressed in SSUs for older versions of Windows, too.

The updates are available from the Microsoft Update Catalog or through Windows Server Update Services (WSUS).

Microsoft said it "strongly recommends" that users and admins install this latest SSU before installing the latest cumulative update, which was released along with this month's Patch Tuesday updates. 

As ZDNet reported yesterday, this month's updates bring a fix for a Win32k zero-day, marked as CVE-2019-1132, which was part of an attack used by Kremlin-backed hackers. 

Anton Cherepanov, the ESET researcher who found the exploit for the flaw, has now provided a detailed write-up about the local privilege-escalation issue.

The exploit doesn't affect Windows 10 or Windows 8 but it does impact older versions including Windows 7 SP1, Windows Server 2008 SP2, and Windows Server R2 SP1. 

Cherepanov notes that the technique used in the current exploit is "very similar" to one used before 2017 by the advanced hacking group called Sednit, aka Fancy Bear, APT28, STRONTIUM, and Sofacy.

According to Cherepanov, Windows 8 and later block a key component of the exploit chain, which is why the flaw only affects earlier supported versions of Windows. He notes that Microsoft back-ported the Windows 8 mitigation to Windows 7 for x64-based systems.

While Microsoft's push to get Windows 7 users to upgrade to a new version is often seen as nagging, Cherepanov contends that bugs like this are one reason Windows 7 users should follow Microsoft's advice. 

"People who still use Windows 7 for 32-bit systems Service Pack 1 should consider updating to newer operating systems, since extended support of Windows 7 Service Pack 1 ends on January 14, 2020. Which means that Windows 7 users won't receive critical security updates. Thus, vulnerabilities like this one will stay unpatched forever."
