Microsoft recently released the Windows KB5012170 ‘Security update for Secure Boot DBX’ to address vulnerabilities found in various UEFI (Unified Extensible Firmware Interface) bootloaders.
Secure Boot is a security feature that protects the boot process of the system. However, bootloaders have vulnerabilities that threat actors could exploit to bypass Secure Boot protection and execute malicious code when the operating system starts.
To fix these vulnerabilities, Microsoft added the signatures of the known vulnerable UEFI modules to the UEFI Revocation List, also known as the Secure Boot Forbidden Signature Database (DBX), thus preventing them from being used with Secure Boot.
The Redmond giant has already acknowledged in its known issues that some original equipment manufacturer (OEM) firmware might not allow the update to be installed, that the update might fail to install with certain BitLocker Group Policy configurations, or that it might throw a “0x800f0922” error if the device does not have a valid bootloader.
Microsoft says you can fix the “0x800f0922” error by installing the latest version of the UEFI firmware, if available.
Besides the “0x800f0922” error, several users have complained that the Windows KB5012170 update for Secure Boot is causing BitLocker recovery screens, slow boot times, and more after installation.
As first reported by The Register, some Windows users reported that after installing the Windows KB5012170 update, the BitLocker Recovery screen is displayed when the computer starts. For the uninitiated, BitLocker is the Windows feature that protects disks with encryption.
Many reports on Microsoft Forums, Reddit, and Twitter also complained about experiencing the same problem.
To unlock the drive, Windows 11 is asking customers to enter the recovery key on the BitLocker recovery screen. Thankfully, the bug does not affect the stored data, which means individual users can retrieve the key from their Microsoft account, while enterprises can retrieve the recovery key from the Active Directory Users and Computers.
In addition to the BitLocker recovery problems, some users (via Bleeping Computer) have encountered other problems, such as slow boot times or disk configurations changing from RAID to AHCI in the UEFI settings.
“I have Windows 10 21H1 and after I downloaded the update last week I noticed the boot time change to VERY long,” wrote one user of Bleeping Computer.
“Can confirm that. What's worse, the update changed my RAID mode to AHCI, so I had to manually put that back on approx 10 devices, that ran into BSOD. All of them. Almost brand new Latitudes 5320 and all behaved the same. You can see, if the update changed your RAID mode too,” wrote another user.
As of now, there is no fix available and the only solution is to install the latest version of the UEFI firmware, if available. If the latest firmware update is not available, the only workaround is to remove patch KB5012170 until Microsoft releases a fix.