Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md
This update is in response to the changes made today to the Windows Boot Manager revocations for Secure Boot in this blog post.
You can find all of the necessary information in that post.
To Summarize:
The procedures required to apply the Windows Boot Manager revocations for Secure Boot changes have changed significantly and the current category that applies them has been removed.
The new procedures are very extensive and require lots of work that might have adverse effect if automated at this point in time. According to the post, it requires new updated bootable media which haven't been released yet by Microsoft. It would also trigger BitLocker's recovery screen so user would need to keep the 48-digit recovery code accessible during the procedure.
Microsoft is planning to apply these changes automatically in the future through Windows Update.
Once updated bootable media (ISO files) have been released by Microsoft on July 9, 2024, I'll re-evaluate the procedures as to whether add automation for them in the Harden Windows Security Module or not.
As always, make sure you're using the latest version of the OS to stay safe and secure with the latest patches.
A: If you applied the old procedure either manually by following the official article or using the Harden Windows Security module, then you're good to go and don't need to make any more changes. If you never applied the mitigations, you can read the article and see if you want to follow it and apply the new mitigations manually, or just wait until they are automatically applied to your device in the near future through Windows Update.
What's Changed
This update is in response to the changes made today to the Windows Boot Manager revocations for Secure Boot in this blog post.
You can find all of the necessary information in that post.
To Summarize:
As always, make sure you're using the latest version of the OS to stay safe and secure with the latest patches.
Today's patch Tuesday update: https://support.microsoft.com/en-gb/topic/april-9-2024-kb5036893-os-builds-22621-3447-and-22631-3447-a674a67b-85f5-4a40-8d74-5f8af8ead5bb
Related discussion announcement: https://github.com/HotCakeX/Harden-Windows-Security/discussions/230
FAQ
Q: What about the old procedure?
A: If you applied the old procedure either manually by following the official article or using the Harden Windows Security module, then you're good to go and don't need to make any more changes. If you never applied the mitigations, you can read the article and see if you want to follow it and apply the new mitigations manually, or just wait until they are automatically applied to your device in the near future through Windows Update.