“CVE-2020-0689”, the “Microsoft Secure Boot Security Feature Bypass Vulnerability”, allows attackers to bypass Secure Boot. Secure Boot is intended to guarantee that a device only uses software with valid credentials from an Original Equipment Manufacturer (OEM). However, this vulnerability permits attackers to load their own software. Thankfully, the vulnerability has not been exploited and the patch should block “vulnerable third-party bootloaders”.
For those who have not already installed the correct Servicing Stack Update (SSU), patching this vulnerability takes a few steps. According to Microsoft, a servicing stack helps to properly install Windows updates. The SSU provides fixes for the servicing stack, prevents potential issues during installation, and includes features that are necessary for deploying updates. SSUs are separate from the cumulative update, and it is recommended that the SSU be installed before the cumulative update.
Once users have installed the correct SSU, they will need to install a standalone Secure Boot CVE-2020-0689 update. Users will then finally be able to install the February cumulative update. If a user has enabled Windows Defender Credential Guard (Virtual Secure Mode), they will also need to reboot their device twice. The fix for CVE-2020-0689 has been rated by Microsoft as “important”. If you already have the correct SSU installed, then you should not need to worry about any manual intervention.
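The script below is an added example, not Microsoft's tooling or part of the original article. It reports which step of the SSU, Secure Boot update, cumulative update sequence comes next on a machine, and whether Credential Guard means two reboots are needed. The KB identifiers are placeholders to be replaced with the values Microsoft lists for your Windows build, and the function and variable names are hypothetical.

```powershell
# Added example. The KB IDs are PLACEHOLDERS, not real values: replace them with
# the KB numbers Microsoft's CVE-2020-0689 advisory lists for your Windows build.
$UpdateOrder = [ordered]@{
    'Servicing Stack Update (SSU)'  = 'KB-PLACEHOLDER-SSU'
    'Standalone Secure Boot update' = 'KB-PLACEHOLDER-SECUREBOOT'
    'February cumulative update'    = 'KB-PLACEHOLDER-CUMULATIVE'
}

# Hypothetical helper: walks the required order and labels each step.
function Get-UpdateOrderStatus {
    param(
        [System.Collections.Specialized.OrderedDictionary]$Order,
        [string[]]$InstalledKbs
    )
    $earlierMissing = $false
    foreach ($step in $Order.Keys) {
        $installed = $InstalledKbs -contains $Order[$step]
        if ($installed -and -not $earlierMissing) {
            $status = 'Installed'
        } elseif ($installed) {
            $status = 'Installed, but an earlier step is missing'
        } elseif (-not $earlierMissing) {
            $status = 'Install next'
        } else {
            $status = 'Waiting on earlier step'
        }
        if (-not $installed) { $earlierMissing = $true }
        [pscustomobject]@{ Step = $step; KB = $Order[$step]; Status = $status }
    }
}

# Assumption: the three updates are reported by Get-HotFix on this system.
$installedKbs = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
Get-UpdateOrderStatus -Order $UpdateOrder -InstalledKbs $installedKbs |
    Format-Table -AutoSize

# Confirm-SecureBootUEFI needs an elevated session and throws on non-UEFI firmware.
try { "Secure Boot enabled: $(Confirm-SecureBootUEFI)" }
catch { "Secure Boot state unavailable: $($_.Exception.Message)" }

# Credential Guard (Virtual Secure Mode) appears as value 1 in these arrays.
$dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard `
    -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
if ($dg -and (($dg.SecurityServicesConfigured -contains 1) -or
              ($dg.SecurityServicesRunning -contains 1))) {
    'Credential Guard is enabled: plan for two reboots.'
} else {
    'Credential Guard not detected.'
}
```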
Let’s hope that attackers do not exploit any vulnerable devices as users are figuring out the order of updates. CVE-2020-0689 was made public prior to Patch Tuesday. Attackers therefore presumably are well aware of the vulnerability’s potential.
This month’s cumulative update has already caused users quite a bit of grief. Some users have complained that their user profile has gone missing, while others have noted that their custom icons, desktop backgrounds, and desktop files have disappeared. Fortunately, this issue has not resulted in a loss of data, but it is still an unnecessary annoyance.