Microsoft security advisory: Update to revoke noncompliant UEFI boot loader modules

Article translations Article translations
Article ID: 2871690 - View products that this article applies to.
Expand all | Collapse all

On This Page

INTRODUCTION

Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft website:
http://technet.microsoft.com/security/advisory/2871690

More information

For all supported x86-based versions of Windows 8

Collapse this imageExpand this image
Download
Download the package now.

For all supported x64-based versions of Windows 8

Collapse this imageExpand this image
Download
Download the package now.

For all supported x64-based versions of Windows Server 2012

Collapse this imageExpand this image
Download
Download the package now.

Release Date: December 10, 2013

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

More information

Known issues with this security update

  • You cannot start the computer after you install this security update

    If you install this security update on a system that uses a noncompliant Unified Extensible Firmware Interface (UEFI) module, you may be unable to start the computer.

    If your system will not start after you install this security update, follow these steps:
    1. Use Windows Defender Offline to make sure that no malware is present on the system. For more information, go to the following Microsoft webpage:
      http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
    2. Restart the computer by using recovery media (on USB, DVD, or network (PXE) boot), and then perform recovery operations. For more information, go to the following Microsoft webpage:
      http://technet.microsoft.com/en-us/library/hh824874.aspx
    To avoid this issue, we recommend that you apply this update after you remove noncompliant UEFI modules from your system to make sure that the system can successfully start, and consider upgrading to compliant UEFI modules if they are available.

    For more information about your UEFI module, contact the UEFI module supplier. This might include the system vendor, the plug-in card vendor, or other UEFI software vendors such as UEFI backup and restore solutions, UEFI anti-malware, and so on.

    For information about how to contact the UEFI module supplier, visit the following Microsoft website:
    http://support.microsoft.com/gp/vendors


  • You receive a 0x800f0922 error when you try to install this security update

    Symptoms
    Consider the following two configurations:
    • Scenario one
      You have a Windows Server 2012-based server that uses UEFI firmware and has the Secure Boot option enabled.
    • Scenario two
      You have a Windows Server 2012 R2-based Hyper-V host running and you are running a Generation 2 virtual machine guest that uses UEFI firmware support and has the Secure Boot option enabled. The guest virtual machine is running Windows 8 or Windows Server 2012.
    In these configurations, security update 2871690 may not install, and you receive a 0x800f0922 error message.

    Cause
    This error occurs because the installer for security update 2871690 incorrectly expects BitLocker to be installed.

    Workaround
    To work around this issue, use one of the following methods, based on your scenario:
    • Workaround for scenario one
      Install the BitLocker optional component on the server that uses UEFI and that has the Secure Boot option enabled.
    • Workaround for scenario two
      Install the BitLocker optional component on the guest virtual machine in the Hyper-V configuration.
    Note You do not have to configure BitLocker on any drive. It is only necessary for the BitLocker component to be present on Window Server 2012 when you install security update 2871690.

FILE INFORMATION

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

Windows 8 and Windows Server 2012 file information

Collapse this imageExpand this image
assets folding start collapsed
  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    Collapse this tableExpand this table
    VersionProductMilestoneService branch
    6.2.920 0.16 xxxWindows 8 and Windows Server 2012RTMGDR
    6.2.920 0.20 xxxWindows 8 and Windows Server 2012RTMLDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows 8

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Dbupdate.binNot Applicable302-Jun-201214:53Not applicable
Dbxupdate.binNot Applicable3,81918-Feb-201423:07Not applicable
Dbupdate.binNot Applicable302-Jun-201214:53Not applicable
Dbxupdate.binNot Applicable3,81918-Feb-201423:07Not applicable

For all supported x64-based versions of Windows 8 and Windows Server 2012

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Dbupdate.binNot Applicable302-Jun-201214:53Not applicable
Dbxupdate.binNot Applicable3,81918-Feb-201423:07Not applicable
Dbupdate.binNot Applicable302-Jun-201214:53Not applicable
Dbxupdate.binNot Applicable3,81918-Feb-201423:07Not applicable
Collapse this imageExpand this image
assets folding end collapsed

File hash information

Collapse this imageExpand this image
assets folding start collapsed
Collapse this tableExpand this table
File nameSHA1 hashSHA256 hash
Windows8-RT-KB2871690-v2-x64.msu3CB63ACA31B477DA90E87402D0AE3BC90C0EAFB68FDD5761BEFEE74E68FC86E24B6423268AF286D10B39C74118B7B5C8A02DDFE7
Windows8-RT-KB2871690-v2-x86.msuC0F78CDC9DDE9A009D94179CB313DEF16CBBC4AEE06C234A226D50F39A79733CFB1D6D7CF9564A212A58836B62B75CBBBCB608A9
Collapse this imageExpand this image
assets folding end collapsed

Properties

Article ID: 2871690 - Last Review: March 26, 2014 - Revision: 3.0
Applies to
  • Windows 8
  • Windows 8 Enterprise
  • Windows 8 Pro
  • Windows Server 2012 Datacenter
  • Windows Server 2012 Essentials
  • Windows Server 2012 Foundation
  • Windows Server 2012 Standard
Keywords: 
kbexpertiseinter kbinfo kbsecadvisory kbsecurity kbsecvulnerability KB2871690

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com