Applies ToWindows Server 2012 Windows Server 2012 R2 Windows 10 Windows 10 Education, version 1607 Windows 10 Professional version 1607 Windows 10 Enterprise, version 1607 Windows 10 Enterprise version 1607 Windows 10 Enterprise, version 1809 Windows 10 Professional Education version 1607 Windows 10 Pro Education, version 1607 Windows Server 2016 Windows Server 2019 Windows Server 2022 Windows 10 Home and Pro, version 21H2 Windows 10 Enterprise and Education, version 21H2 Windows 10 IoT Enterprise, version 21H2 Windows 10 Home and Pro, version 22H2 Windows 10 Enterprise Multi-Session, version 22H2 Windows 10 Enterprise and Education, version 22H2 Windows 10 IoT Enterprise, version 22H2 Windows 11 Home and Pro, version 21H2 Windows 11 Enterprise Multi-Session, version 21H2 Windows 11 Enterprise and Education, version 21H2 Windows 11 IoT Enterprise, version 21H2 Windows 11 Home and Pro, version 22H2 Windows 11 Enterprise Multi-Session, version 22H2 Windows 11 Enterprise and Education, version 22H2 Windows 11 IoT Enterprise, version 22H2 Azure Local, version 22H2 Windows 11 Home and Pro, version 23H2 Windows 11 Enterprise and Education, version 23H2 Windows 11 Enterprise Multi-Session, version 23H2 Windows 11 IoT Enterprise, version 23H2

Original publish date: February 4, 2025

KB ID: 5053484

Introduction

The PowerShell script described in this article can be used to update Windows bootable media so that the media can be used on systems that trust the “Windows UEFI CA 2023” certificate. This certificate is described in KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932.

How to get the PowerShell script

Download icon Download the Make2023BootableMedia.ps1 PowerShell script now

Description

The Make2023BootableMedia.ps1 PowerShell script updates boot manager support on Windows media to the boot manager signed by the new “Windows UEFI CA 2023” certificate. The input and output can be bootable media of the following type:

  • ISO CD/DVD image file,

  • USB flash drive,

  • a local drive path, or

  • a network drive path.

The latest Windows Assessment and Deployment Kit (Windows ADK) can be found on the Download and install the Windows ADK page and is necessary for this script to work properly.

Notes

  • The Make2023BootableMedia.ps1 script should be run from an elevated PowerShell prompt.

  • You must provide the script with a media source (-MediaPath) which has the latest servicing updates applied.

Syntax

PowerShell

Make2023BootableMedia.ps1

  •      [-MediaPath <path>]

  •      [-TargetType <type>]

  •      [-ISOPath <path>]

  •      [-USBDrive <drive:>]

  •      [-FileSystem <type>]

  •      [-NewMediaPath <path>]

  •      [-StagingDir <path>]

Parameters

-MediaPath <path>

The path to the media folder or ISO file to be used as baseline. The media folder can be a local drive path or a network share.

-TargetType <type>

The type of media to be created (ISO, USB, or LOCAL).

  • ISO: Convert media specified in -MediaPath to 2023 bootable ISO file. Targets -ISOPath.

  • USB: Convert media specified in -MediaPath to 2023 bootable image and writes it to -USBDrive.

  • LOCAL: Convert media specified in -MediaPath to 2023 bootable image copied to -NewMediaPath.

-ISOPath <path>

The path to the new ISO file to be created from -MediaPath.

-USBDrive <drive:>

The drive letter to a target USB drive (example E:).

-FileSystem <type>

This parameter is optional. It allows specifying the file system to format the USB drive with (FAT32 or ExFAT). The default is ExFAT.

-NewMediaPath <path>

Required when TargetType is LOCAL. -MediaPath content is duplicated here and then updated.

-StagingDir <path>

Overrides default temporary staging path used by this script. System %TEMP% is used by default with a random subfolder.

Example commands

Make2023BootableMedia.ps1 -MediaPath C:\Media\Win10Media -TargetType ISO -ISOPath C:\Media\Win10_Updated.iso

Make2023BootableMedia.ps1 -MediaPath C:\Media\Win11.iso -TargetType ISO -ISOPath C:\Media\Win11_Updated.iso

Make2023BootableMedia.ps1 -MediaPath \\server\share\Win11_Media -TargetType ISO -ISOPath C:\Media\Win11_Updated.iso

Make2023BootableMedia.ps1 -MediaPath \\server\share\Win11.iso -TargetType ISO -ISOPath C:\Media\Win11_Updated.iso

Make2023BootableMedia.ps1 -MediaPath C:\Media\Win1124H2 -TargetType USB -USBDrive H:

Make2023BootableMedia.ps1 -MediaPath C:\Media\Win11.iso -TargetType USB -USBDrive E:

Make2023BootableMedia.ps1 -MediaPath C:\Media\Win1124H2 -TargetType LOCAL -NewMediaPath C:\Media\Win1124H2_Updated

Make2023BootableMedia.ps1 -MediaPath H:\Media\Win11.iso -TargetType LOCAL -NewMediaPath R:\Win11_Updated

Make2023BootableMedia.ps1 -MediaPath C:\Media\Win1124H2 -TargetType ISO -ISOPath C:\Media\Win1124H2_Updated.iso -StagingDir C:\Temp\Win1124H2

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.