Pete Batard
Pete Batard
> I'm actually confident that there isn't any transcoding process happening Transcoding audio is peanuts. It's transcoding video that is CPU intensive, but for any modern processor, decoding and reencoding...
Aha, I was wondering how long Microsoft would try to swipe that CVE under the carpet until they had no choice but to take action. > If possible, detect this...
I saw the registry key, but I don't think it's enough, because it only tells if the current machine *might* have been upgraded to reject old MS bootloaders, but not...
Aha! Since we're talking about an upcoming revocation, and Microsoft is the __sole__ entity that controls the revocation list, I didn't think they would have started to add DBX entries...
Indeed, Microsoft explicitly state [here](https://support.microsoft.com/en-us/topic/kb5027455-guidance-for-blocking-vulnerable-windows-boot-managers-522bb851-0a61-44ad-aa94-ad11119c5e91): > We have released the DbxUpdate.bin file for this issue on [UEFI.org](https://uefi.org/). These hashes include all revoked Windows boot managers released between Windows 8 and...
I guess the other option we have, since we're going to have to deal with a version whatershed anyway, is to not bother with hashes and just check the version...
Interestingly, if we need to download a `bootmgfw.efi` replacement, we may end up using [the same method as the actual Black Lotus malware](https://arstechnica.com/information-technology/2023/03/unkillable-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw/) (See _"1. An installer deploys files to...
Even more interestingly, since it appears that we can easily download Windows 8.1's `diskcopy.dll` from `https://msdl.microsoft.com/download/symbols/diskcopy.dll/54505118173000/diskcopy.dll`, that Black Lotus trick may help us restore the MS-DOS installation functionality, that we...
Gotta also leave https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d#updatebootable5025885 here. Of course, it would be A LOT better if Microsoft did bother to check the "content" they provide an have an actual working hyperlink for:...
What a load of crap this whole thing is! So I updated a system following the [_3. APPLY the revocations_ steps from Microsoft](https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d#apply5025885), doing everything as described (double reboot, wait...