{"id":7890,"date":"2024-08-27T05:01:04","date_gmt":"2024-08-26T20:01:04","guid":{"rendered":"https:\/\/m365jp.net\/?p=7890"},"modified":"2024-08-27T05:07:22","modified_gmt":"2024-08-26T20:07:22","slug":"mc873559-changes-to-windows-boot-manager-revocations-for-secure-boot-effective-july-9-2024","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2024-08-27-mc873559-changes-to-windows-boot-manager-revocations-for-secure-boot-effective-july-9-2024","title":{"rendered":"MC873559 | Changes to Windows Boot Manager revocations for Secure Boot, effective July 9, 2024"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">MC873559 | Changes to Windows Boot Manager revocations for Secure Boot, effective July 9, 2024<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Classification<\/th>\n<td>stayInformed<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>08\/26\/2024 19:14:29<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>08\/26\/2024 19:14:28<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td>08\/26\/2025 19:14:28<\/td>\n<\/tr>\n<tr>\n<th>Message Content<\/th>\n<td>\n<div>Follow the new guidelines to deploy changes across enterprises and understand how the new Windows Boot Manager self-revocation works. These new guidelines are part of a plan with five phases to deploy protections against the publicly disclosed Secure Boot   security feature bypass (CVE-2023-24932).<\/div>\n<div>  <\/div>\n<div>The Deployment Phase is now in effect and documented in the updated<u> <\/u><a href=\"https:\/\/support.microsoft.com\/help\/5025885\" rel=\"noopener noreferrer\" target=\"_blank\">KB5025885<\/a>. This new phase starts with changes introduced by the July 2024 Windows   security update. Learn more about these changes at <a href=\"https:\/\/support.microsoft.com\/help\/5025885\" rel=\"noopener noreferrer\" target=\"_blank\">  KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932<\/a>,<\/div>\n<div>  <\/div>\n<div><b>When will this happen<\/b><\/div>\n<div>  <\/div>\n<div>The new Boot Manager is included in the Windows updates released on or after July 9, 2024.<\/div>\n<div>  <\/div>\n<div><b>How does this affect your organization<\/b><\/div>\n<div>  <\/div>\n<div>This update for Secure Boot has five phases:<\/div>\n<div>  <\/div>\n<ul>\n<li><b>Initial Deployment phase:<\/b> This phase started with updates released on May 9, 2023, and provided basic mitigations with manual steps to enable those mitigations.<\/li>\n<li><b>Second Deployment phase:<\/b> This phase started with updates released on July 11, 2023, which added simplified steps to enable the mitigations for the issue.<\/li>\n<li><b>Evaluation phase:<\/b> This phase started on April 9, 2024, and added additional Boot Manager&nbsp;mitigations.<\/li>\n<li><b>Deployment phase:<\/b> Starting with the July 9, 2024 update, we encourage all customers to begin deploying the mitigations and updating media.<\/li>\n<li><b>Enforcement phase:<\/b> The date for this phase will be announced in the future. The Enforcement phase will make the mitigations permanent. We are now in the Deployment phase. In this phase, we add support for Secure Version Number (SVN) to block older   Boot Managers. This update installs a new Boot Manager that has an SVN, and it allows you to set the same SVN in the firmware.<\/li>\n<\/ul>\n<div>  <\/div>\n<div><b>What you need to do to prepare<\/b><\/div>\n<div>  <\/div>\n<div>Install the Windows monthly servicing update released on or after July 9, 2024, on supported Windows devices. Take the following steps to apply the revocations, install the new Boot Manager, and apply the new SVN update:<\/div>\n<div>  <\/div>\n<ol>\n<li>Update the certificate definitions.<\/li>\n<li>Update the Boot Manager.<\/li>\n<li>Enable the revocations.<\/li>\n<li>Apply the SVN update to the firmware.<\/li>\n<\/ol>\n<div>  <\/div>\n<div>For more detailed steps, see <a href=\"https:\/\/support.microsoft.com\/help\/5025885\" rel=\"noopener noreferrer\" target=\"_blank\">  <u>KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932<\/u><\/a>.<\/div>\n<div>  <\/div>\n<div><b>Additional information<\/b><\/div>\n<div>  <\/div>\n<ul>\n<li><a href=\"https:\/\/www.microsoft.com\/security\/blog\/2023\/04\/11\/guidance-for-investigating-attacks-using-cve-2022-21894-the-blacklotus-campaign\/\" rel=\"noopener noreferrer\" target=\"_blank\"><u>Guidance for investigating attacks using CVE-2022-21894: The BlackLotus   campaign<\/u><\/a><\/li>\n<li><a href=\"https:\/\/learn.microsoft.com\/windows-hardware\/manufacture\/desktop\/secure-boot-landing?view=windows-11\" rel=\"noopener noreferrer\" target=\"_blank\"><u>Secure Boot<\/u><\/a><\/li>\n<li><a href=\"https:\/\/learn.microsoft.com\/mem\/intune\/user-help\/you-need-to-enable-secure-boot-windows\" rel=\"noopener noreferrer\" target=\"_blank\"><u>Enable Secure Boot on enrolled Windows devices<\/u><\/a><\/li>\n<li>For events that are generated when applying DBX updates, see <a href=\"https:\/\/support.microsoft.com\/help\/5016061\" rel=\"noopener noreferrer\" target=\"_blank\">  <u>KB5016061: Addressing vulnerable and revoked Boot Managers<\/u><\/a>.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<th>Machine Translation<\/th>\n<td>\n<div>\u65b0\u3057\u3044\u30ac\u30a4\u30c9\u30e9\u30a4\u30f3\u306b\u5f93\u3063\u3066\u3001\u4f01\u696d\u9593\u3067\u5909\u66f4\u3092\u30c7\u30d7\u30ed\u30a4\u3057\u3001\u65b0\u3057\u3044 Windows \u30d6\u30fc\u30c8 \u30de\u30cd\u30fc\u30b8\u30e3\u30fc\u306e\u81ea\u5df1\u5931\u52b9\u306e\u3057\u304f\u307f\u3092\u7406\u89e3\u3057\u307e\u3059\u3002\u3053\u308c\u3089\u306e\u65b0\u3057\u3044\u30ac\u30a4\u30c9\u30e9\u30a4\u30f3\u306f\u3001\u4e00\u822c\u306b\u516c\u958b\u3055\u308c\u3066\u3044\u308b\u30bb\u30ad\u30e5\u30a2\u30d6\u30fc\u30c8\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd\u306e\u30d0\u30a4\u30d1\u30b9(CVE-2023-24932)\u306b\u5bfe\u3059\u308b\u4fdd\u8b77\u3092\u5c55\u958b\u3059\u308b\u305f\u3081\u306e5\u3064\u306e\u30d5\u30a7\u30fc\u30ba\u304b\u3089\u306a\u308b\u8a08\u753b\u306e\u4e00\u90e8\u3067\u3059\u3002<\/div>\n<div>  <\/div>\n<div>\u30c7\u30d7\u30ed\u30a4 \u30d5\u30a7\u30fc\u30ba\u304c\u6709\u52b9\u306b\u306a\u308a\u3001\u66f4\u65b0\u3055\u308c\u305f<u><\/u><a href=\"https:\/\/support.microsoft.com\/help\/5025885\" rel=\"noopener noreferrer\" target=\"_blank\">KB5025885<\/a>\u306b\u8a18\u8f09\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u65b0\u3057\u3044\u30d5\u30a7\u30fc\u30ba\u306f\u30012024 \u5e74 7 \u6708\u306e Windows \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u306b\u3088\u3063\u3066\u5c0e\u5165\u3055\u308c\u305f\u5909\u66f4\u304b\u3089\u59cb\u307e\u308a\u307e\u3059\u3002\u3053\u308c\u3089\u306e\u5909\u66f4\u306e\u8a73\u7d30\u306b\u3064\u3044\u3066\u306f\u3001\u300c<a href=\"https:\/\/support.microsoft.com\/help\/5025885\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2023-24932   \u306b\u95a2\u9023\u3059\u308b\u30bb\u30ad\u30e5\u30a2 \u30d6\u30fc\u30c8\u306e\u5909\u66f4\u306b\u5bfe\u3059\u308b Windows \u30d6\u30fc\u30c8 \u30de\u30cd\u30fc\u30b8\u30e3\u30fc\u306e\u5931\u52b9\u3092\u7ba1\u7406\u3059\u308b\u65b9\u6cd5<\/a>\u300d\u306e KB5025885\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/div>\n<div>  <\/div>\n<div><b>\u3053\u308c\u306f\u3044\u3064\u8d77\u3053\u308b\u306e\u3067\u3057\u3087\u3046\u304b<\/b><\/div>\n<div>  <\/div>\n<div>\u65b0\u3057\u3044\u30d6\u30fc\u30c8 \u30de\u30cd\u30fc\u30b8\u30e3\u30fc\u306f\u30012024 \u5e74 7 \u6708 9 \u65e5\u4ee5\u964d\u306b\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u305f Windows \u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u306b\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002<\/div>\n<div>  <\/div>\n<div><b>\u3053\u308c\u306f\u7d44\u7e54\u306b\u3069\u306e\u3088\u3046\u306a\u5f71\u97ff\u3092\u4e0e\u3048\u307e\u3059\u304b<\/b><\/div>\n<div>  <\/div>\n<div>\u3053\u306e\u30bb\u30ad\u30e5\u30a2 \u30d6\u30fc\u30c8\u306e\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u306b\u306f\u3001\u6b21\u306e 5 \u3064\u306e\u30d5\u30a7\u30fc\u30ba\u304c\u3042\u308a\u307e\u3059\u3002<\/div>\n<div>  <\/div>\n<ul>\n<li><b>\u521d\u671f\u30c7\u30d7\u30ed\u30a4 \u30d5\u30a7\u30fc\u30ba:<\/b> \u3053\u306e\u30d5\u30a7\u30fc\u30ba\u306f\u30012023 \u5e74 5 \u6708 9 \u65e5\u306b\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u305f\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u304b\u3089\u958b\u59cb\u3055\u308c\u3001\u57fa\u672c\u7684\u306a\u8efd\u6e1b\u7b56\u3068\u3001\u305d\u308c\u3089\u306e\u8efd\u6e1b\u7b56\u3092\u6709\u52b9\u306b\u3059\u308b\u305f\u3081\u306e\u624b\u52d5\u624b\u9806\u304c\u63d0\u4f9b\u3055\u308c\u307e\u3057\u305f\u3002<\/li>\n<li><b>2 \u756a\u76ee\u306e\u30c7\u30d7\u30ed\u30a4 \u30d5\u30a7\u30fc\u30ba:<\/b> \u3053\u306e\u30d5\u30a7\u30fc\u30ba\u306f\u30012023 \u5e74 7 \u6708 11 \u65e5\u306b\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u305f\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u304b\u3089\u958b\u59cb\u3055\u308c\u3001\u554f\u984c\u306e\u8efd\u6e1b\u7b56\u3092\u6709\u52b9\u306b\u3059\u308b\u305f\u3081\u306e\u7c21\u7565\u5316\u3055\u308c\u305f\u624b\u9806\u304c\u8ffd\u52a0\u3055\u308c\u307e\u3057\u305f\u3002<\/li>\n<li><b>\u8a55\u4fa1\u30d5\u30a7\u30fc\u30ba:<\/b> \u3053\u306e\u30d5\u30a7\u30fc\u30ba\u306f 2024 \u5e74 4 \u6708 9 \u65e5\u306b\u958b\u59cb\u3055\u308c\u3001\u30d6\u30fc\u30c8 \u30de\u30cd\u30fc\u30b8\u30e3\u30fc&nbsp;\u306e\u8efd\u6e1b\u7b56\u304c\u8ffd\u52a0\u3055\u308c\u307e\u3057\u305f\u3002<\/li>\n<li><b>\u30c7\u30d7\u30ed\u30a4\u30d5\u30a7\u30fc\u30ba:<\/b> 2024 \u5e74 7 \u6708 9 \u65e5\u306e\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u4ee5\u964d\u3001\u3059\u3079\u3066\u306e\u304a\u5ba2\u69d8\u306b\u8efd\u6e1b\u7b56\u306e\u30c7\u30d7\u30ed\u30a4\u3068\u30e1\u30c7\u30a3\u30a2\u306e\u66f4\u65b0\u3092\u958b\u59cb\u3059\u308b\u3053\u3068\u3092\u304a\u52e7\u3081\u3057\u307e\u3059\u3002<\/li>\n<li><b>\u65bd\u884c\u30d5\u30a7\u30fc\u30ba:<\/b> \u3053\u306e\u30d5\u30a7\u30fc\u30ba\u306e\u65e5\u4ed8\u306f\u3001\u4eca\u5f8c\u767a\u8868\u3055\u308c\u307e\u3059\u3002\u9069\u7528\u30d5\u30a7\u30fc\u30ba\u3067\u306f\u3001\u8efd\u6e1b\u7b56\u304c\u6c38\u7d9a\u7684\u306b\u306a\u308a\u307e\u3059\u3002\u73fe\u5728\u3001\u30c7\u30d7\u30ed\u30a4\u30d5\u30a7\u30fc\u30ba\u306b\u5165\u3063\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u30d5\u30a7\u30fc\u30ba\u3067\u306f\u3001\u53e4\u3044\u30d6\u30fc\u30c8 \u30de\u30cd\u30fc\u30b8\u30e3\u30fc\u3092\u30d6\u30ed\u30c3\u30af\u3059\u308b\u305f\u3081\u306e\u30bb\u30ad\u30e5\u30a2 \u30d0\u30fc\u30b8\u30e7\u30f3\u756a\u53f7 (SVN) \u306e\u30b5\u30dd\u30fc\u30c8\u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002\u3053\u306e\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3067\u306f\u3001SVN \u3092\u6301\u3064\u65b0\u3057\u3044\u30d6\u30fc\u30c8\u30de\u30cd\u30fc\u30b8\u30e3\u30fc\u304c\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u3001\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2\u306b\u540c\u3058 SVN \u3092\u8a2d\u5b9a\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002<\/li>\n<\/ul>\n<div>  <\/div>\n<div><b>\u6e96\u5099\u306b\u5fc5\u8981\u306a\u3053\u3068<\/b><\/div>\n<div>  <\/div>\n<div>2024 \u5e74 7 \u6708 9 \u65e5\u4ee5\u964d\u306b\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u305f Windows \u6708\u6b21\u30b5\u30fc\u30d3\u30b9\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3092\u3001\u30b5\u30dd\u30fc\u30c8\u3055\u308c\u3066\u3044\u308b Windows \u30c7\u30d0\u30a4\u30b9\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3059\u3002\u4ee5\u4e0b\u306e\u624b\u9806\u3067\u3001\u5931\u52b9\u3092\u9069\u7528\u3057\u3001\u65b0\u3057\u3044\u30d6\u30fc\u30c8\u30fb\u30de\u30cd\u30fc\u30b8\u30e3\u30fc\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3001\u65b0\u3057\u3044 SVN \u66f4\u65b0\u3092\u9069\u7528\u3057\u307e\u3059\u3002<\/div>\n<div>  <\/div>\n<ol>\n<li>\u8a3c\u660e\u66f8\u306e\u5b9a\u7fa9\u3092\u66f4\u65b0\u3057\u307e\u3059\u3002<\/li>\n<li>\u30d6\u30fc\u30c8\u30de\u30cd\u30fc\u30b8\u30e3\u30fc\u3092\u66f4\u65b0\u3057\u307e\u3059\u3002<\/li>\n<li>\u5931\u52b9\u3092\u6709\u52b9\u306b\u3057\u307e\u3059\u3002<\/li>\n<li>SVN \u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3092\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2\u306b\u9069\u7528\u3057\u307e\u3059\u3002<\/li>\n<\/ol>\n<div>  <\/div>\n<div>\u8a73\u7d30\u306a\u624b\u9806\u306b\u3064\u3044\u3066\u306f\u3001\u300c <a href=\"https:\/\/support.microsoft.com\/help\/5025885\" rel=\"noopener noreferrer\" target=\"_blank\">  <u>KB5025885: CVE-2023-24932 \u306b\u95a2\u9023\u3059\u308b\u30bb\u30ad\u30e5\u30a2 \u30d6\u30fc\u30c8\u306e\u5909\u66f4\u306b\u5bfe\u3059\u308b Windows \u30d6\u30fc\u30c8 \u30de\u30cd\u30fc\u30b8\u30e3\u30fc\u306e\u5931\u52b9\u3092\u7ba1\u7406\u3059\u308b\u65b9\u6cd5<\/u><\/a>\u300d\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/div>\n<div>  <\/div>\n<div><b>\u8ffd\u52a0\u60c5\u5831<\/b><\/div>\n<div>  <\/div>\n<ul>\n<li><a href=\"https:\/\/www.microsoft.com\/security\/blog\/2023\/04\/11\/guidance-for-investigating-attacks-using-cve-2022-21894-the-blacklotus-campaign\/\" rel=\"noopener noreferrer\" target=\"_blank\"><u>CVE-2022-21894 \u3092\u4f7f\u7528\u3057\u305f\u653b\u6483\u306e\u8abf\u67fb\u306b\u95a2\u3059\u308b\u30ac\u30a4\u30c0\u30f3\u30b9: BlackLotus \u30ad\u30e3\u30f3\u30da\u30fc\u30f3<\/u><\/a><\/li>\n<li><a href=\"https:\/\/learn.microsoft.com\/windows-hardware\/manufacture\/desktop\/secure-boot-landing?view=windows-11\" rel=\"noopener noreferrer\" target=\"_blank\"><u>\u30bb\u30ad\u30e5\u30a2\u30d6\u30fc\u30c8<\/u><\/a><\/li>\n<li><a href=\"https:\/\/learn.microsoft.com\/mem\/intune\/user-help\/you-need-to-enable-secure-boot-windows\" rel=\"noopener noreferrer\" target=\"_blank\"><u>\u767b\u9332\u6e08\u307f\u306e Windows \u30c7\u30d0\u30a4\u30b9\u3067\u30bb\u30ad\u30e5\u30a2 \u30d6\u30fc\u30c8\u3092\u6709\u52b9\u306b\u3059\u308b<\/u><\/a><\/li>\n<li>DBX \u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u306e\u9069\u7528\u6642\u306b\u751f\u6210\u3055\u308c\u308b\u30a4\u30d9\u30f3\u30c8\u306b\u3064\u3044\u3066\u306f\u3001\u300c <a href=\"https:\/\/support.microsoft.com\/help\/5016061\" rel=\"noopener noreferrer\" target=\"_blank\">  <u>KB5016061: \u8106\u5f31\u306a\u30d6\u30fc\u30c8 \u30de\u30cd\u30fc\u30b8\u30e3\u30fc\u3068\u5931\u52b9\u3057\u305f\u30d6\u30fc\u30c8 \u30de\u30cd\u30fc\u30b8\u30e3\u30fc\u3078\u306e\u5bfe\u51e6<\/u><\/a>\u300d\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>MC873559 | Changes to Windows Boot Manager revocations for Secure Boot, effective July 9, 2024 Classification  [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-7890","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/7890","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=7890"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/7890\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=7890"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=7890"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=7890"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}