FYI: In 2020 Microsoft had a new vulnerability related to Secure Boot under ADV200011 described. As a result, a DBX blacklist was introduced that checks whether a vulnerable module wants to access the boot loader.
Under the KB4575994 Microsoft had posted a manual how to add a DBX block list. This list is now maintained via Windows Update and the DBX block list checks at each start whether an unauthorized module is accessing it.
Under the KB5016061 Microsoft has now described for all Windows and server versions from Windows 8.1 that if unauthorized access to Secure Boot in the UEFI occurred, this will appear as an entry in the event viewer. This is entered under Event ID 1033, source, with the message “A potentially locked boot manager was detected in an EFI partition.” The name of the module is also given.
So you know that you have a module that is listed in the DBX ban list. Microsoft itself only writes as a measure: “In most cases, the vendor of the vulnerable module should have an updated version that fixes this vulnerability. Please contact your manufacturer to get the update.”
[related_posts_by_tax taxonomies=”post_tag”]
The post Windows and Server: Event ID 1033 logs a vulnerable Secure Boot-based component appeared first on Gamingsym.