none
patch 3/15/2016 RRS feed

  • Question

  • hi,

    windows 7 x64 sp1, asus h97-pro, efi-csm, gpt, esp and no msr.

    KB3133977 bitlocker-patch:

    after a second boot -> Secure Boot Violation.

    KB3139923 msi-patch:

    tested ndp_4.6.1 security patches -> ends with heavy error.

    btw:

    no msr, Windows Boot Manager is only on startpartition.

    wfg


    • Edited by FlightX Saturday, March 19, 2016 5:03 PM
    Thursday, March 17, 2016 3:43 PM

Answers

  • It seems that ASUS boards are causing trouble with "Secure boot violation" after 04/12/2016 patch day. A workaround could be:

    a) set bios boot mode from "Windows UEFI boot" to "Other OS" 

    b) remove Secure boot keys

    See also Windows 7: "Secure Boot Violation" after April Patch day


    Gruß/greetings G. Born - Blogs: http://blog.borncity.com

    • Marked as answer by FlightX Wednesday, July 20, 2016 10:04 AM
    Sunday, April 17, 2016 8:15 PM
  • Hi Günter Born,

    since only Windows 7 is affected, I assume that this boot manager is missing a signature. It would be inacceptable if only ASUS protects the boot manager effectively.

    wfg






    • Edited by FlightX Friday, April 29, 2016 7:32 AM
    • Marked as answer by FlightX Wednesday, July 20, 2016 9:58 AM
    Thursday, April 28, 2016 5:25 AM

All replies

  • How do you manage to get this error?  Windows 7 does not work with Secure Boot.  Never has as far as I know.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

    Thursday, March 17, 2016 4:05 PM
  • Hi FlightX,

     

    Based on your description, it seems that after the update KB3139923, your system fail to start up.

    Please check it.

     

    Best Regards,

    Tao


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, March 18, 2016 2:12 PM
    Moderator
  • Hi Tao,

    it's KB3133977 that prevents the mobo to start windows. This happened without installed KB3139923.

    wfg


    • Edited by FlightX Friday, March 18, 2016 4:04 PM
    Friday, March 18, 2016 3:53 PM
  • Hi FlightX,

    It seems that we may try to unistall the KB and reinstall to see if it helps.

    https://www.microsoft.com/en-us/download/details.aspx?id=51560

    Best Regards,

    Tao


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Sunday, March 20, 2016 1:04 PM
    Moderator
  • Hi Tao,

    I tested it twice. It's difficult to uninstall when it's not allowed to start win. Because there is no ms system partition, efi secures the start partition. So changes to the efi directory are a violation.

    wfg




    • Edited by FlightX Wednesday, April 6, 2016 2:41 PM
    Sunday, March 20, 2016 4:54 PM
  • Hi Matt80134,

    well meant, but i don't use bitlocker.

    wfg

    Tuesday, March 22, 2016 4:38 PM
  • Hi,

    the msi patch KB3139923 is a patch for a patch that patches an outdated patch?

    omg


    • Edited by FlightX Tuesday, March 22, 2016 4:41 PM
    Tuesday, March 22, 2016 4:40 PM
  • Hi,

    The KB3139923 is published on 3/14/2016, I think it is not an outdated patch. Please refer to the link:

    http://www.microsoft.com/en-us/download/details.aspx?id=51558

    Best Regards,

    Tao


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Wednesday, March 23, 2016 8:44 AM
    Moderator
  • Hi Tao,

    these thing I did not say.

    wfg

    Wednesday, March 23, 2016 6:54 PM
  • Would you please tell me more about the information? What error message have you met?

    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Tuesday, March 29, 2016 1:27 AM
    Moderator
  • Hi,

    we have the same issue. What was the solution?

    Kind regards,
    Roland

    Tuesday, March 29, 2016 5:45 PM
  • Hi Tony_Tao,

    currently msi.dll has 5.0.7601.18896 jun-2015. As you can see MS14-049 is already outdated. It shows 5.0.7601.18493 Jun-2014. See here.

    'heavy error'.

    wfg


    • Edited by FlightX Wednesday, April 6, 2016 2:37 PM
    Wednesday, March 30, 2016 1:03 PM
  • It seems very strange, we may try to uninstall the KB and see if it helps, as a workaround.

    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, April 8, 2016 1:06 AM
    Moderator
  • Hi Tony_Tao,

    I had already uninstalled KB3139923 and reinstall KB3072630 successfully. In case of KB3133977 uninstallation didn't work. It is not allowed to restart.

    wfg


    • Edited by FlightX Friday, April 29, 2016 7:34 AM
    Saturday, April 16, 2016 7:56 PM
  • It seems that ASUS boards are causing trouble with "Secure boot violation" after 04/12/2016 patch day. A workaround could be:

    a) set bios boot mode from "Windows UEFI boot" to "Other OS" 

    b) remove Secure boot keys

    See also Windows 7: "Secure Boot Violation" after April Patch day


    Gruß/greetings G. Born - Blogs: http://blog.borncity.com

    • Marked as answer by FlightX Wednesday, July 20, 2016 10:04 AM
    Sunday, April 17, 2016 8:15 PM
  • Hi Günter Born,

    since only Windows 7 is affected, I assume that this boot manager is missing a signature. It would be inacceptable if only ASUS protects the boot manager effectively.

    wfg






    • Edited by FlightX Friday, April 29, 2016 7:32 AM
    • Marked as answer by FlightX Wednesday, July 20, 2016 9:58 AM
    Thursday, April 28, 2016 5:25 AM
  • Hi all,

    because of the way Microsoft blocked this, Secure Boot seems no longer safe.
    Even if the patch can be hidden, it should be better installed.

    Sincerely

    Sunday, September 10, 2017 6:50 PM