The April 2023 Patch Tuesday gave birth to several cumulative updates, some of which target Windows. Unfortunately, not everything goes as planned. Pay attention to KB5012170.
Microsoft’s big monthly maintenance is an important appointment. The giant provides solutions to security, performance and stability issues. This meeting is scheduled every second Tuesday of each month.
The April Patch Tuesday was an opportunity to resolve several flaws, some of which were deemed critical. According to sources close to the giant, all known flaws have not yet been corrected. For example, the third phase of security reinforcement around the Kerberos protocol was supposed to take place, but this did not happen. It is likely that Microsoft’s internal tests did not validate a certain level of reliability and quality. The publication has therefore been postponed pending a more impactful approach.
Windows 10/11, Microsoft releases buggy KB5012170 update
On the other hand, and surprisingly, Redmond republished, on the same day of Patch Tuesday, a “faulty” update to correct a secure boot vulnerability. The first attempt dates back to August 2022 through the publication of this update KB5012170, once more available via the online service Microsoft Catalog Update. It targets PCs running Windows 10 or Windows 11.
It is supposed to close a critical vulnerability in Secure Boot GRUB. However, during its deployment it caused problems which prevented it from installing correctly (error 0x800f0922). At the time Microsoft proposed a workaround while indicating that the bug was under study.
Solution : This issue can be mitigated on some devices by updating the UEFI BIOS to the latest version before attempting to install KB5012170.
Next steps : We are currently investigating and will provide an update in a future release.”
The new version of this KB does not seems not be 100% operational and the situation is worrying. The latest feedback indicates that the failures are still relevant, forcing in some cases to switch Bitlocker to recovery mode.
So be careful and the best for the moment and do not install this optional update KB5012170.
