Pull to refresh

Comments 3

As for 3 June, the bootloader is still not revoked, UEFI forum replied that the information had been sent to security team at first (I've prepared all the information and a minimal vulnerable disk image), but then stopped replying after 7 May.
Microsoft released Windows 10 update KB4524244 on 11.02.2020, which revokes Kaspersky bootloader (adds its hash to UEFI dbx), but on 15.02.2020 revoked the update since it brought issues to several HP motherboards:

More information on Windows website:
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update.

Microsoft revoked the following hashes in this update:
{microsoft} {sha256} 81d8fb4c9e2e7a8225656b4b8273b7cba4b03ef2e9eb20e0a0291624eca1ba86
{microsoft} {sha256} b92af298dc08049b78c77492d6551b710cd72aada3d77be54609e43278ef6e4d
{microsoft} {sha256} e19dae83c02e6f281358d4ebd11d7723b4f5ea0e357907d5443decc5f93c1e9d
{microsoft} {sha256} 39dbc2288ef44b5f95332cb777e31103e840dba680634aa806f5c9b100061802
{microsoft} {sha256} 32f5940ca29dd812a2c145e6fc89646628ffcc7c7a42cae512337d8d29c40bbd
{microsoft} {sha256} 10d45fcba396aef3153ee8f6ecae58afe8476a280a2026fc71f6217dcf49ba2f

One of which is Kaspersky Rescue Disk vulnerable bootloader (bootx64.efi) hash.
BOOTX64.EFI 81d8fb4c9e2e7a8225656b4b8273b7cba4b03ef2e9eb20e0a0291624eca1ba86
Others are unknown, but confirmed not to include other vulnerable non-disclosed boot loaders.
UEFI Forum has updated dbx list on their website. Kaspersky's BOOTX64.EFI is #30.
30: {microsoft} {sha256} 81d8fb4c9e2e7a8225656b4b8273b7cba4b03ef2e9eb20e0a0291624eca1ba86
Only those users with full accounts are able to leave comments. Log in, please.