Security News > 2023 > May > Bootkit zero-day fix – is this Microsoft’s most cautious patch ever?
Although you'll get the patch if you perform a full Patch Tuesday download and let the update complete.
The full patch involves updating Microsoft's bootup code in your hard disk's startup partition, and then telling your motherboard not to trust the old, insecure bootup code any more.
Microsoft has built the raw materials you need for this patch into the files you'll get when you download your May 2023 Patch Tuesday update, but has quite deliberately decided against activating all the steps needed to apply the patch automatically.
Manually patch all your bootable devices so they have the new bootup code on them.
If you're worried, you can simply install the patch but do nothing else right now, which leaves your computer running the new bootup code and therefore ready to accept the revocation described above, but still able to boot with your existing recovery disks.
Presumably, all official Microsoft installation downloads will be patched by then, so even if something does go wrong you will have an official way to fetch a reliable recovery image.
News URL
Related news
- Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (source)
- Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability (source)
- Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs (source)
- March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) (source)
- April 2024 Patch Tuesday forecast: New and old from Microsoft (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
- Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234) (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)