Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000213253

Windows Update KB5025885 Prevents Reinstallation of Microsoft Windows

Summary: This article describes the impact and potential workaround for the Windows Update KB5025885 that may prevent reinstallation of Microsoft Windows.

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content

Symptoms

Applies to: Windows client and server media

On May 9, 2023, Microsoft started to push KB5025885 to all impacted devices. The update is marked as critical or automatic, and Windows automatically consume and install the update.

Only after the manual remediation, all OSRI media that have been created prior to the policy update will become unbootable including:

  • Recovery media and ISOs (including Dell SupportAssist OSRI, SupportAssist USB media, SupportAssist OS streaming through BIOSConnect)
  • Windows backups created before the update was installed
  • Windows Recovery
  • Windows PE
  • Push-Button Reset
  • Windows Deployment Service (WDS)
  • Microsoft Deployment Toolkit (MDT)
  • HTTPS Boot
  • Official Windows media from Microsoft
    • Media Creation Tool
    • Volume Licensing or Visual Studio subscription downloads
  • USB Media

Cause

For full mitigation see Microsoft Security Advisor KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 This hyperlink is taking you to a website outside of Dell Technologies.

Resolution

What happens when I do not update the policy?

Existing OSRI media and Windows Backups continue to work.

When will Dell and Microsoft provide updated OSRI images or media?

Dell is actively working on updating OSRI media. We will update this article as we progress, and updated images become available.

Can I revert the policy update in order to use OSRI media and Windows Backups?

No.

Can I disable Secure Boot to use OSRI media?

Dell does not recommend reducing the security posture of a device.

What error message will I see when the OSRI media fails to boot?

Windows Boot Manager may stop the boot process with error 0xC0000428: Windows cannot verify the digital signature when OSRI was performed from media.

Boot Manager Error

(Figure 1. Boot Manager Error)

Windows may stop with error 0xC0e90002 when Windows Recovery (WinRE) is invoked.

Error when Push Button Reset or Windows Reset was used

(Figure 2. Error when Push-Button Reset or Windows Reset was used)

How can I verify that the revocation was activated?
  1. Open Event Viewer.
    • Windows versions with the Start menu:
      • Choose Start menu > Control Panel > Administrative Tools > Event Viewer.
    • Windows versions with the Start screen:
      • Open Search, type eventvwr to find the Event Viewer.
  2. Click Windows Logs.
  3. Click System.
  4. Click the Find button on the right side of the screen. A window opens.
  5. Type either Secure boot or dbx.
  6. If renovation is installed, it shows "Secure Boot Dbx update applied successfully" (Figure 3). If not, then it is safe to do OSRI using your preferred method.
    Secure Boot Dbx update applied successfully message
    (Figure 3. Secure Boot Dbx update applied successfully message)

If the revocation is installed, operating system reinstall media may not work.

Article Properties

Affected Product

Chromebox, Alienware, Inspiron, G Series, Chromebook, G Series, Alienware, Inspiron, Latitude, Fixed Workstations

Product

OptiPlex, Vostro, XPS, Vostro, XPS, Mobile Workstations

Last Published Date

07 Aug 2023

Version

8

Article Type

Solution

Back to Top