LANDESK Patch News Bulletin: Microsoft has Released KB2962824 Which is a Revocation of Digital Signatures of Private 3rd Party UEFI Modules 14-MAY-2014

Version 1

    LANDESK Security and Patch News \




    • (May 14, 2014) Microsoft has released one KB2962824. With this advisory, Microsoft is revoking the digital signature for four private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot.
    • These UEFI (Unified Extensible Firmware Interface) modules are partner modules distributed in backup and recovery software. When the update is applied, the affected UEFI modules will no longer be trusted and will no longer load on systems where UEFI Secure Boot is enabled. The affected UEFI modules consist of specific Microsoft-signed modules that are not in compliance with our certification program and are being revoked at the request of the author.
    • Microsoft is not aware of any misuse of the affected UEFI modules. Microsoft is proactively revoking these non-compliant modules in coordination with their author as part of ongoing efforts to protect customers. This action only affects systems running Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2 that are capable of UEFI Secure Boot where the system is configured to boot via UEFI and Secure Boot is enabled. There is no action on systems that do not support UEFI Secure Boot or where it is disabled.\
    • Recommendation. The affected UEFI modules are partner modules distributed in backup and recovery software. Customers with concern that they may be using an affected UEFI module should consult the "What does this update do?" and the "What revoked digital signatures are addressed by this Update Rollup of Revoked Non-compliant UEFI modules?" advisory FAQs for information on affected UEFI modules.Please visit the following page for more details:


    New Vulnerabilities

    • Vulnerability ID – 2962824


    Changed Vulnerabilities

    • Vulnerability ID – 2961887(Added the replacement information.)


    New Patch Downloads

    • windows8-rt-kb2920189-x86.msu
    • windows8-rt-kb2920189-x64.msu
    • windows8.1-kb2920189-x86.msu
    • windows8.1-kb2961908-x86.msu
    • windows8.1-kb2920189-x64.msu
    • windows8.1-kb2961908-x64.msu


    Where to Send Feedback

    At LANDESK, we are constantly striving to improve our products and services and hope you find these changes reflective of our ongoing commitment to listen to you—our partners and customers—in providing the best possible solutions to meet your needs now and in the future.  Please continue to provide feedback by contacting our local support organization.


    Best regards,

    LANDESK Product Support


    Copyright © 2014 LANDESK Software.  All rights reserved. LANDESK is either a registered trademark or trademark of LANDESK Software, Ltd. or its affiliated entities in the United States and/or other countries. Other names or brands may be claimed as the property of others.


    Information in this document is provided for information purposes only.  The information presented here is subject to change without notice.  This information is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including any implied warranties and conditions of merchantability or fitness for a particular purpose. LANDESK disclaims any liability with respect to this document and LANDESK has no responsibility or liability for any third party products of any content contained on any site referenced herein.  This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. For the most current product information, please visit