Rescue Media no longer works after installing May 9 update and also applying Secure Boot revocations...


Keith Weisshar
Why does the Rescue Media no longer work after installing May 9 update and then applying the Secure Boot revocations from Step 3 of https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d?
dbminter
I'm not entirely up to date on the Secure Boot situation of these updates, but from what I read, ALL bootable media created before applying the Secure Boot updates will no longer work.  So, even Windows installation DVDs, ISOs, and thumb drives won't boot.


I am GUESSING recreating the Rescue Media will work, but I need to test my own Rescue Media and see if it still works.


Supposedly, all old Reflect images also won't boot if you restore a Windows partition.

jphughan
Did you read Step 2 in its entirety before proceeding to Step 3? Microsoft said that all pre-existing WinPE/RE environments would need to be updated to incorporate the new patch, and at least when I read it last week, they had not yet provided updated WinPE file sets for all kernel versions. If you're using WinRE for your Rescue Media, it's not clear from Microsoft's documentation whether installing that update also updates the WinRE environment. If you haven't already done so, try performing a forced rebuild on WinRE Rescue Media. But if that doesn't resolve it or you use WinPE rather than WinRE, then you'll probably have to wait until Microsoft themselves releases updates, per their warning.  Or as a stopgap, you can look at the "Updating Bootable Media > Enterprise" section and follow the instructions to use DISM to inject the May update into your Rescue Media WIM file, though you'll need to do that after every rebuild.

Edited 15 May 2023 5:56 PM by jphughan
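
The DISM step mentioned in jphughan's post above, sketched as an added example (not code from the thread, Macrium, or Microsoft's article): it services a WIM offline with PowerShell's DISM cmdlets and commits only if a new package actually appears in the image. `$WimPath`, `$PackagePath` and `$MountDir` are placeholders, and only the WIM-injection step is covered, not anything else Microsoft's instructions may require.

```powershell
#Requires -RunAsAdministrator
# Added example: inject an update package into a rescue-media WIM offline.
# All paths are placeholders supplied by the caller; none come from the thread.
[CmdletBinding()]
param(
    [Parameter(Mandatory)] [string] $WimPath,      # rescue media WIM file (placeholder)
    [Parameter(Mandatory)] [string] $PackagePath,  # downloaded .msu/.cab update (placeholder)
    [string] $MountDir = (Join-Path $env:TEMP 'rescue-wim-mount'),
    [int]    $Index    = 1
)
$ErrorActionPreference = 'Stop'

foreach ($p in $WimPath, $PackagePath) {
    if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { throw "File not found: $p" }
}

# Refuse to continue if the requested image index is not in the WIM.
$image = Get-WindowsImage -ImagePath $WimPath | Where-Object ImageIndex -eq $Index
if (-not $image) { throw "Index $Index not present in $WimPath" }

# Keep an untouched copy so a failed servicing run can be rolled back.
Copy-Item -LiteralPath $WimPath -Destination "$WimPath.bak" -Force

# DISM needs an empty directory to mount into.
New-Item -ItemType Directory -Path $MountDir -Force | Out-Null
if (Get-ChildItem -LiteralPath $MountDir -Force) { throw "Mount directory is not empty: $MountDir" }

Mount-WindowsImage -ImagePath $WimPath -Index $Index -Path $MountDir | Out-Null
$commit = $false
try {
    $before = (Get-WindowsPackage -Path $MountDir).PackageName
    Add-WindowsPackage -Path $MountDir -PackagePath $PackagePath | Out-Null

    # Verify the image really changed before committing anything.
    $added = Get-WindowsPackage -Path $MountDir |
        Where-Object { $_.PackageName -notin $before }
    if (-not $added) { throw 'No new package appeared in the image; nothing to commit.' }
    $added | Format-Table PackageName, PackageState, InstallTime
    $commit = $true
}
finally {
    # Save on success, discard on any failure so the WIM is never left half-serviced.
    if ($commit) { Dismount-WindowsImage -Path $MountDir -Save    | Out-Null }
    else         { Dismount-WindowsImage -Path $MountDir -Discard | Out-Null }
}
```

As the post notes, a rebuild of the Rescue Media regenerates the WIM, so the servicing has to be repeated after each rebuild.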
Patrick O'Keefe
jphughan - 15 May 2023 3:44 PM
... Microsoft said that all pre-existing WinPE/RE environments would need to be updated to incorporate the new patch, and at least when I read it last week, they had not yet provided updated WinPE file sets for all kernel versions.
A workable solution for those that performed the remediation is to turn off Secure Boot in UEFI when needing to boot from the recovery medium.

Regarding WinPE:
The last I read, Microsoft is not updating WinPE yet and has provided instructions for users to apply the patch themselves if they need it.  I've seen nothing indicating if/when they are going to patch it.  I've read somewhere (on this forum, I assume) that the MR build process for WinPE recovery media downloads a copy of WinPE from Microsoft rather than using a local copy.  If that's true (and I really hope it is not) then patching a local copy of WinPE is not going to help in creating a usable post-remediation WinPE recovery medium.  Maybe MR could incorporate the patching into the build process, but that seems like a bunch of extra work for something needed only until MS patches WinPE.

I think the best option for most home users is to not perform the remediation until things settle down a bit.  To exploit this vulnerability someone needs "physical access or Administrative rights" to the target system so we aren't terribly vulnerable.  (I assume that "administrative rights" bit is for access via Remote Desktop or similar software.  I may be more vulnerable than I would like.)

Mitch
After reading that the Rescue Media no longer works after installing May 9 update, I got to thinking I'd best get it done.

And then thought after a cold boot, was it the ESC, F7 or the F12 key I have to pound? I'm using paid home Macrium Ver 8.1.7469

TIA

Update - On my HP Omen it's the ESC key, tested my latest backup and all 'seems' to be working .....

Edited 19 May 2023 12:50 PM by Mitch
dbminter
The key you will have to press depends on your motherboard.  It varies from manufacturer to manufacturer.  For instance, on Dells, it's generally F12.

jphughan
Mitch - 18 May 2023 8:37 PM
After reading that the Rescue Media no longer works after installing May 9 update...

This is not accurate. The issue only occurs if you install the update and perform a series of manual steps to implement "revocation" of previously trusted bootloaders. The reason those steps are currently manual rather than revocation being an automatic part of installing the update is because Microsoft knows that revocation at this stage would be too disruptive to the average PC user.  Revocation may occur as part of a future update, presumably after updates to older installation media and WinPE content have been made available so that users have an easy recourse to update their bootable media to become compatible with a system where revocation has been implemented.   But the update itself just makes the Windows environment compatible with a system where revocation has been applied.

Edited 18 May 2023 9:25 PM by jphughan
Ghot
Windows 11 Home 22621.1702


I'm on the paid version 8.0.6635 and my Macrium bootable USB stick (made with the downloaded WinPE), still works.
But I have NOT done the revocations.

I also just "restored" a MAY 14th backup using my Macrium USB rescue media... worked perfectly.

Edited 18 May 2023 9:15 PM by Ghot
Patrick O'Keefe
dbminter - 18 May 2023 8:49 PM
The key you will have to press depends on your motherboard.  It varies from manufacturer to manufacturer.  For instance, on Dells, it's generally F12.

For some ASUS boards it's either F2 or Del (both work).  For my Lenovo Thinkpad it's F1.  (I think Enter works, too, but it's not mentioned in the doc.)  For an old Clevo/Sager (common in some lines of laptops) it's F2.  I'm not even sure it's consistent across all motherboards from a given manufacturer.  Often the BIOS splash screen mentioned the key to press, but not always.  You really need to check your device's User Guide.
dbminter
Dells used to display it in a splash screen.  Then, they hid it behind an option where you had to go into BIOS to change to display the splash screen... which is hard to do if the PC DOESN'T tell you what that button is!  You have to look it up.  Now, I don't think the message is even displayed on Dells UNTIL you press either F2 or F12, one of the two keys that are allowed.  THEN, a splash screen comes up telling you what F2 and F12 do.  By which time, it's not very helpful.
