Windows users who have installed the new KB5012170 security update for Secure Boot have encountered a variety of issues, ranging from boot problems with BitLocker Recovery prompts to performance issues.
A UEFI bootloader loads immediately after a device is booted and is responsible for starting the UEFI environment with the Secure Boot function, so that only trusted code can be run when starting the Windows boot process.
During the August 2022 Patch Tuesday, Microsoft released the standalone KB5012170 “Security Update for Secure Boot DBX” to fix vulnerabilities in several UEFI boot loaders that threat actors could use to bypass the Windows Secure Boot feature and execute unsigned code.
To address these vulnerabilities, Microsoft has added the certificates required to load the vulnerable UEFI boot loaders to the UEFI Revocation List – the Secure Boot Forbidden Signature Database (DBX), which prevents them from being used with Secure Boot.
However, if your device does not have a valid bootloader, attempting to install the KB5012170 update will generate a 0x800f0922 error and prevent the installation from completing, which is a good thing because otherwise your device would not boot.
Microsoft says you can fix this error by checking for updated UEFI firmware from your device manufacturer.
KB5012170 causes a lot of problems
In addition to the 0x800f0922 error, Windows users are now reporting problems with Windows after installing the KB5012170 update.
As first reported by The Register, some Windows users encounter BitLocker Recovery screens after installing the update. According to one of their readers, 2% of Windows 11 devices showed BitLocker recovery screens after installing the update.
Other users on the Microsoft Answers forum, Twitter, and Reddit have also said they are experiencing the same behavior.
For those affected by the BitLocker recovery screen, you can usually find your recovery key stored in your Microsoft account. Instructions for finding this information can be found in this Microsoft support document.
For business users, Windows administrators can get the BitLocker recovery key from Active Directory Users and Computers.
In addition to the BitLocker recovery issues, BleepingComputer readers have said they are experiencing slow boot times, or their drive configurations have been changed from RAID to AHCI in the firmware settings.
“I have Windows 10 21H1 and after downloading the update last week I noticed that the boot time was getting VERY long,” reads a comment on BleepingComputer.
“Can confirm. What’s worse, the update changed my RAID mode to AHCI, so I had to manually reset it on about 10 devices, which ran into BSOD. All of them. Nearly brand new Latitudes 5320 and they all behaved the same. You can see if the update also changed your RAID mode,” reads another comment.
Fortunately, users should only encounter these problems once, and they should disappear after the BitLocker recovery key is entered or the disk configuration is changed back.
However, it is highly recommended to check for updated UEFI firmware before attempting to install this update to save yourself a possible headache.
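A read-only pre-install snapshot along the lines recommended above, written as an added PowerShell example (it is not from Microsoft or from the original article). It assumes an elevated session on a machine with the BitLocker module available, and it records the firmware version, the storage controller list and the BitLocker recovery protectors so they can be checked before the update and compared afterwards.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only snapshot to take before installing KB5012170.
# It changes nothing on the system.

$report = [ordered]@{}

# Secure Boot state. Confirm-SecureBootUEFI throws on legacy BIOS systems.
try   { $report.SecureBoot = Confirm-SecureBootUEFI }
catch { $report.SecureBoot = "not available: $($_.Exception.Message)" }

# Get-HotFix reads Win32_QuickFixEngineering; False only means "not listed there".
$report.KB5012170Listed = [bool](Get-HotFix -Id 'KB5012170' -ErrorAction SilentlyContinue)

# Firmware vendor, version and date, to compare with the manufacturer's latest release.
$bios = Get-CimInstance -ClassName Win32_BIOS
$report.FirmwareVendor  = $bios.Manufacturer
$report.FirmwareVersion = $bios.SMBIOSBIOSVersion
$report.FirmwareDate    = $bios.ReleaseDate

# Storage controller names: keep this list so a RAID-to-AHCI change
# in the firmware settings is visible after the update.
$controllers = @(Get-CimInstance -ClassName Win32_SCSIController) +
               @(Get-CimInstance -ClassName Win32_IDEController)
$report.StorageControllers = ($controllers.Name | Sort-Object -Unique) -join '; '

[pscustomobject]$report | Format-List

# BitLocker: for each volume, confirm a recovery password protector exists
# and note its ID so the matching key can be located before it is needed.
Get-BitLockerVolume | ForEach-Object {
    $rec = @($_.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    [pscustomobject]@{
        MountPoint            = $_.MountPoint
        Protection            = $_.ProtectionStatus
        RecoveryProtectors    = $rec.Count
        RecoveryProtectorIds  = ($rec.KeyProtectorId -join ', ')
    }
} | Format-Table -AutoSize
```

A protected volume with zero recovery protectors, or a protector ID whose key cannot be found in the Microsoft account or in Active Directory, is the case to resolve before installing the update.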