Security News > 2023 > May > Bootkit zero-day fix – is this Microsoft’s most cautious patch ever?
Although you'll get the patch if you perform a full Patch Tuesday download and let the update complete.
The full patch involves updating Microsoft's bootup code in your hard disk's startup partition, and then telling your motherboard not to trust the old, insecure bootup code any more.
Microsoft has built the raw materials you need for this patch into the files you'll get when you download your May 2023 Patch Tuesday update, but has quite deliberately decided against activating all the steps needed to apply the patch automatically.
Manually patch all your bootable devices so they have the new bootup code on them.
If you're worried, you can simply install the patch but do nothing else right now, which leaves your computer running the new bootup code and therefore ready to accept the revocation described above, but still able to boot with your existing recovery disks.
Presumably, all official Microsoft installation downloads will be patched by then, so even if something does go wrong you will have an official way to fetch a reliable recovery image.
News URL
Related news
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft says premature patch could make Windows Recall forget how to work (source)
- New Windows zero-day exposes NTLM credentials, gets unofficial patch (source)
- Microsoft holds last Patch Tuesday of the year with 72 gifts for admins (source)
- Microsoft fixes exploited zero-day (CVE-2024-49138) (source)
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- What Is Patch Tuesday? Microsoft’s Monthly Update Explained (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)