MC708249 – Reminder: Changes to Windows Boot Manager revocations for Secure Boot effective April 9, 2024 Icon

check before: 2024-04-09


Office 365 general, Windows


Windows Desktop, World tenant


Change type:

Admin impact



Windows updates released July 11, 2023 and later include security measures which protect against a Secure Boot bypass vulnerability disclosed in CVE-2023-24932. Secure Boot is a Windows security feature designed to protect devices from bootkit malware.

Windows security updates include options to manually enable protections against Secure Boot bypass beginning July 11, 2023. Enforcement and deployment phases for these protections are coming with updates being released on April 9, 2024, and throughout 2024. For detailed information, see KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932.

When will this happen:

April 9, 2024 or later - Third Deployment Phase
Windows updates released on and after this date will provide new mitigations to block additional vulnerable boot managers.

October 8, 2024 or later - Mandatory Enforcement Phase
Windows updates released on and after this date which are installed to affected systems will enforce the Code Integrity Boot policy and Secure Boot disallow list revocations related to this hardening. There will be no option to disable this enforcement after this update.

The Mandatory Enforcement Phase described above is the final phase of these security hardening measures.

Change Category:


Release Phase:



the free basic plan is required to see all details. Sign up here

A plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to please choose a plan.

Share to MS Teams

Login to your account

Welcome Back, We Missed You!