Microsoft Secure Boot Cert update - KB5025885

Has anyone built any content to address the workflow for updating the Cert for UEFI Secure Boot?

Microsoft article on KB5025885

Will HCL release a task to perform this update on systems with SecureBoot enabled?

Yes, we actually released that last year when the mitigations were ‘Optional’. See this fixlet in Patches for Windows site:

502588501 5025885: Manage of the Windows Boot Manager revocations for Secure Boot changes associated with (CVE-2023-24932) - KB5025885

Will there be any updates to this fixlet now that they released updates this month as part of cumulative OS updates?

Currently it appears to only report about 137 systems in my environment, which has 666 servers reporting to have SecureBoot enabled.

I have spot checked a few not in the fixlet list and they do not have the new CA update applied to the boot manager.

It also looks like the Reg Key settings may have changed; the fixlet references numbers which are different than the current article.

Ah, thanks for bringing that to my attention. I’ve pinged the Patch team on it and will let you know what I find.