Microsoft admits there are problems with the KB5012170 system update

Microsoft has confirmed that there is a little problem with the Windows update function, but this time it was caused by the update of several Windows versions recently released by the company.

Microsoft says users may see error 0x800f0922 when trying to install the Secure Boot DBX (KB5012170) update. This issue affects all supported versions of Windows from Win8.1 to Win11 (client and server).

According to the company, affected versions of Windows include:

• Windows 11, 21H2

• Windows 10, 21H2

• Windows 10, 21H1

• Windows 10, 20H2

• Windows 10 Enterprise LTSC 2019

• Windows 10 Enterprise LTSC 2016

• Windows 10 Enterprise LTSB 2015

• Windows 8.1

• Windows Server 2022

• Windows Server, version 20H2

• Windows Server 2019

• Windows Server 2016

• Windows Server 2012 R2

• Windows Server 2012

Microsoft said its engineers and developers are investigating the vulnerability. While a full fix doesn't exist yet, Microsoft has given a temporary solution, although it won't work for all users. Simply put, affected users can bypass the issue by updating their BIOS to the latest version before installing KB5012170.

It's worth noting that this issue only affects security updates for Secure Boot DBX. If you don't need Secure Boot, just ignore it. Or, if your model does not have a newer version of the UEFI BIOS update, then you can only wait for Microsoft to give a more complete solution.

When trying to install KB5012170, it may fail and you may receive an error "0x800f0922". Note: This issue only affects the Security Update for Secure Boot DBX (KB5012170) and does not affect the latest Cumulative Security Update, Monthly Rollup, or Security Update released on August 9, 2022.

Upgrading the UEFI bios to the latest version before installing KB5012170 can alleviate this issue. Next steps: We are investigating and will provide an update in an upcoming release.

KB5012170: Summary of Security Updates for Secure Boot DBX

This security update makes improvements to the supported versions of Secure Boot DBX for Windows listed in the "Applies to" section. Major changes include:

Windows devices with Unified Extensible Firmware Interface (UEFI-based) firmware can run with Secure Boot enabled. The Secure Boot Signature Database (DBX) prevents UEFI modules from loading. This update adds modules to DBX.

A security feature bypass vulnerability exists in Secure Boot. An attacker who successfully exploited the vulnerability could bypass Secure Boot and load untrusted software.

The security update addresses the vulnerability by adding the signatures of known vulnerable UEFI modules to DBX.

Applies to:

• Windows Server 2012

• Windows 8.1 and Windows Server 2012 R2

• Windows 10 version 1507

• Windows 10 version 1607 and Windows Server 2016

• Windows 10 version 1809 and Windows Server 2019

• Windows 10 version 20H2

• Windows 10 version 21H1

• Windows 10 version 21H2

• Windows Server 2022

• Windows 11 version 21H2 (original version)

• Azure Stack HCI version 1809

• Azure Stack Data Box version 1809 (ASDB)

Some overseas netizens solved this problem by clearing the secure boot key and BitLocker , but it does not seem to apply to everyone.