Microsoft's Patch Tuesday events are monthly rollouts that fix issues in Windows and other services, while also providing security patches. However, it is very common for Patch Tuesdays to also cause issues of their own. That is what is happening with the April 2023 Patch Tuesday, which was released earlier this week.
Microsoft has reportedly pushed a security update for Secure Boot DBX that may cause some devices to fail to boot or enter a recovery mode. The update, KB5012170, was first released in December 2021 and then pulled back after users reported issues. However, some users have recently received the update again via Windows Update and encountered the same problems.
If you are unfamiliar with Secure Boot, it is a Windows 11 and Windows 10 feature that prevents unauthorized software from loading during the boot process. It relies on a database of signatures (DBX) that are trusted or forbidden by the device firmware. Microsoft periodically updates the DBX to revoke signatures of vulnerable or malicious software.
You may remember last August there were issues with Secure Boot DBX in BitLocker. The issue came from the broken Secure Boot DBX (KB5012170), which users were unable to install because of a recent bug.
The KB5012170 update adds modules to the DBX that are associated with a security feature bypass vulnerability in GRUB, a common boot loader for Linux systems. The vulnerability, dubbed BootHole, was disclosed in July 2020 and affects devices that trust the Microsoft third-party UEFI Certificate Authority (CA) in their Secure Boot configuration.
Ongoing Problems from KB5012170
However, the update also seems to affect some devices that do not use GRUB or Linux, such as those running Windows 11 or Windows 10. Some users have reported that after installing the update, their devices fail to boot or enter a recovery mode that requires a BitLocker recovery key or a system restore.
Microsoft keeps trying to make this update stick, but it just keeps causing issues on Windows 11 and Windows 10. The company has yet to acknowledge the latest problem, so there is currently no news on a fix or workaround.
If you have already installed KB5012170 then you need to wait for Microsoft's response. If not, it is best to hold off on this update until Microsoft issues a fix.
Tip of the day: When Windows 10 or Windows 11 has issues, it's not rare to run into startup problems. Corrupted Windows files, incorrect system configuration, driver failure, or registry tweaks can all cause this issue.
Windows startup repair can fix boot problems that stem from the most common causes. Though it may seem that all is lost when you run into startup problems, it's important to try a Windows boot repair so you can at least narrow down the source of the issue. If it doesn't work, you may have to reinstall the OS or test your hardware.