Again in February of 2024, Microsoft introduced that it was rolling out new 2023 Safe Boot Certificates Authority (CA) or keys that will change the earlier one from 2011 when Home windows 8 was round and the Safe Boot function was first conceived.

The rollout started with the Patch Tuesday updates that month (KB5034765 for Home windows 11 and KB5034763, and extra for Home windows 10). This was necessary for the reason that 2011 certificates can be 15 years outdated in 2026, which is when they’re set to run out.

In the present day, the corporate has printed a PowerShell script to replace the Home windows bootable media such that it is going to be capable of belief the brand new Home windows UEFI CA 2023 certificates. It offers with the Black Lotus Safe Boot vulnerability tracked underneath ID CVE-2023-24932.

For these questioning, Certificates Authorities (CAs) or keys basically assist handle the authenticity and validity of varied essential elements like bootloaders, drivers, firmware, and different functions.

In regards to the new PowerShell script, Microsoft explains:

The PowerShell script described on this article can be utilized to replace Home windows bootable media in order that the media can be utilized on methods that belief the “Home windows UEFI CA 2023” certificates.

The Make2023BootableMedia.ps1 PowerShell script updates boot supervisor assist on Home windows media to the boot supervisor signed by the brand new “Home windows UEFI CA 2023” certificates. The enter and output might be bootable media of the next sort:

• ISO CD/DVD picture file,
• USB flash drive,
• an area drive path, or
• a community drive path.

The corporate has additionally requested customers to notice a couple of necessary particulars when performing the replace:

The newest Home windows Evaluation and Deployment Equipment (Home windows ADK) might be discovered on the Obtain and set up the Home windows ADK web page and is important for this script to work correctly.

Notes

• The Make2023BootableMedia.ps1 script must be run from an elevated PowerShell immediate.
• You will need to present the script with a media supply (-MediaPath) which has the newest servicing updates utilized.

You could find the complete particulars about it right here within the KB5053484 assist article that Microsoft is sustaining on its official web site.