You are currently offline, waiting for your internet to reconnect

Microsoft security advisory: Update rollup of revoked noncompliant UEFI modules

 
INTRODUCTION
Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, go to the following Microsoft website:
More information
The following files are available for download from the Microsoft Download Center:

For all supported x86-based versions of Windows 8

DownloadDownload the update package now.

For all supported x64-based versions of Windows 8

DownloadDownload the update package now.

For all supported x64-based versions of Windows Server 2012

DownloadDownload the update package now.

For all supported x86-based versions of Windows 8.1

DownloadDownload the update package now.

For all supported x86-based versions of Windows 8.1 without update 2919355 installed

DownloadDownload the update package now.

For all supported x64-based versions of Windows 8.1

DownloadDownload the update package now.

For all supported x64-based version of Windows 8.1 without update 2919355 installed

DownloadDownload the update package now.

For all supported x64-based versions of Windows Server 2012 R2

DownloadDownload the update package now.

For all supported x64-based versions of Windows Server 2012 R2 without update 2919355 installed

DownloadDownload the update package now.

Release Date: May 13, 2014

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

File hash information

File nameSHA1 hashSHA256 hash
Windows8-RT-KB2920189-x64.msuFE5DE44CE540BB7DEC0352124285F280C1897C3CD87E59FE445D3984450E24FA19BCF9F6DC7BFAE25A16C946B5E0F6EA1E41A97A
Windows8-RT-KB2920189-x86.msu92991DD8A5CD43DD154737C47EDEBF0ADE1CEC07A02D667EBEEDA34BF5F7367AB82C9FAF1CC0A05D4816C12B3BC31E57968F9C2D
Windows8.1-KB2920189-x64.msuC24ED9942FC5620F15E4FF8E397BF3BD14B898FCD07AEBD62E4C13024C8AE825303CC91CB8D49EEEC0A921ECBE46B47EDB59A407
Windows8.1-KB2920189-x86.msu8580BC54511D58EE473E09811F139636D93067F79C44D060EDCB758068D9673A7A4336AF9B3480FEEF44F899A13BAA0A1F411FF0
Windows8.1-KB2961908-x64.msuA52E1FDF7F4EBE32535F61C4F0E60B8E3905DD01C80716AA8B6C692A6DF1DE7C19C4A6736B867056F3794066CC13EFA4E9D15E01
Windows8.1-KB2961908-x86.msu4BD6069836A5CF21DA6BEFF828362279A2265D7756307CDA19CF936B1C3234774B9D0A693F1A4B4A9C187AE9E365C479A846C484

Known issues with this security update

  • You cannot start the computer after you install this security update

    If you install this security update on a system that uses a noncompliant Unified Extensible Firmware Interface (UEFI) module, you may be unable to start the computer.

    If your system will not start after you install this security update, follow these steps:
    1. Use Windows Defender Offline to make sure that no malware is present on the system. For more information, go to the following Microsoft webpage:
    2. Restart the computer by using recovery media (on USB, DVD, or network [PXE] restart), and then perform recovery operations. For more information, go to the following Microsoft webpage: 
    To avoid this issue, we recommend that you apply this update after you remove noncompliant UEFI modules from your system to make sure that the system can successfully start. Also, consider upgrading to compliant UEFI modules if they are available. 

    For more information about your UEFI module, contact the UEFI module supplier. This might include the system vendor, the plug-in card vendor, or other UEFI software vendors such as UEFI backup and restore solutions, UEFI anti-malware, and so on.

    For information about how to contact the UEFI module supplier, go to the following Microsoft website:

  • You receive a 0x800f0922 error when you try to install this security update

    Symptoms
    Consider the following two configurations:
    • Configuration 1
      You have a Windows Server 2012-based server that uses UEFI firmware and has the Secure Boot option enabled.
    • Configuration 2
      You have a Windows Server 2012 R2-based Hyper-V host running and are running a Generation 2 virtual machine guest that uses UEFI firmware support and has the Secure Boot option enabled. The guest virtual machine is running Windows 8 or Windows Server 2012.
    In these configurations, security update 2962824may not install, and you receive a 0x800f0922 error message. 

    Cause
    This error occurs because the installer for security update 2962824 incorrectly expects BitLocker to be installed.

    Workaround
    To work around this issue, use one of the following methods, based on your scenario:
    • Workaround for configuration 1
      Install the BitLocker optional component on the server that uses UEFI and that has the Secure Boot option enabled.
    • Workaround for configuration 2
      Generation 2 virtual machines are not affected by this issue, and you do not have to install the update in this case. 
    Note You do not have to configure BitLocker on any drive. It is necessary only for the BitLocker component to be present on Window Server 2012 when you install security update 2962824. 

More information about this security update

The following articles contain more information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link.
  • 2920189 Description of the update rollup of revoked noncompliant UEFI modules: May 13, 2014
  • 2961908 Description of the update rollup of revoked noncompliant UEFI modules: May 13, 2014
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE
Properties

Article ID: 2962824 - Last Review: 06/13/2014 16:09:00 - Revision: 4.0

Windows RT 8.1, Windows 8.1, Windows 8.1 Enterprise, Windows 8.1 Pro, Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation, Windows Server 2012 R2 Standard, Windows 8, Windows 8 Enterprise, Windows 8 Pro, Windows Server 2012 Datacenter, Windows Server 2012 Essentials, Windows Server 2012 Foundation, Windows Server 2012 Standard

  • kbexpertiseinter kbinfo kbsecadvisory kbsecurity kbsecvulnerability KB2962824
Feedback
1; var varCustomerTracking = 1; var Route = "76500"; var Ctrl = ""; document.write(" =">rack by $index" class="col-sm-6 col-xs-24 ng-scope"> 香港特別行政區 - 繁體中文
El Salvador - Español
Panamá - Español
Uruguay - Español
대한민국 - 한국어
España - Español
Paraguay - Español
Venezuela - Español
"https://c1.microsoft.com/c.gif?DI=4050&did=1&t=">var varCustomerTracking = 1; var Route = "76500"; var Ctrl = ""; document.write(" /html>appendChild(m);" onload="var m=document.createElement('meta');m.name='ms.dqp0';m.content='false';document.getElementsByTagName('head')[0].appendChild(m);" src="http://c1.microsoft.com/c.gif?"> y>