KB5012170: Windows update error 0x800f0922, UEFI bios update can fix it

Microsoft released cumulative updates for all supported Windows versions on August 2022 Patch Day. The company released a second security update for Windows that day to fix issues in Secure Boot DBX.

Installing the second update may trigger error 0x800f0922 and hence the update fails to install.

Microsoft describes the issue on the support page for known issues and notifications for supported operating systems, e.g. B. for Windows 11 and Windows 10.

When attempting to install KB5012170, the installation may fail and you may receive an error 0x800f0922.

The problem is unrelated to installing the Cumulative Updates for Windows that Microsoft released on the same day.

Microsoft suggests that administrators may be able to fix the issue by updating the system’s UEFI BIOS to the latest version before installing KB5012170. Whether this is possible depends on the installed version of the UEFI bios and whether an update is available.

The company is currently investigating the issue and plans to “provide an update in an upcoming release.”

Secure Boot DBX update

A support page for the Secure Boot DBX update provides additional information. The update was released for several supported client and server versions of the Windows operating system, including Windows 8.1, Windows 10 and Windows 11.

The update improves Secure Boot DBX in Windows:

This security update improves Secure Boot DBX for the supported Windows versions that are listed in the “Applies to” section.

Windows devices with UEFI-based firmware support Secure Boot. Secure Boot is a security feature that protects the system boot process. The DBX database (Secure Boot Forbidden Signature Database) “prevents UEFI modules from loading”. Microsoft confirms that update KB5012170 adds modules to DBX.

The update addresses a security feature bypass vulnerability in secure boot by updating DBX with information about the signatures of known vulnerable UEFI modules. An attacker could exploit the issue to bypass Secure Boot and load untrusted software.

A help page on the Microsoft website provides additional information about this issue. According to Microsoft, the security problem was found in the GRUB bootloader, which is commonly used by Linux.

To exploit this vulnerability, an attacker would need administrative rights or physical access to a system on which Secure Boot is configured to trust the Microsoft Unified Extensible Firmware Interface (UEFI) Certificate Authority (CA).

The attacker could install an affected GRUB and run arbitrary boot code on the target device. After successfully exploiting this vulnerability, the attacker could disable further code integrity checks, allowing arbitrary executable files and drivers to be loaded onto the target device.

Most Windows devices are described as not immediately at risk.

KB5012170 is made available through Windows Update, other update management systems, and as a direct download from the Microsoft Update Catalog website.

Now you: Have you installed the KB5012170 update on your devices?


KB5012170: Windows update error 0x800f0922, UEFI bios update can fix it

Product Name

KB5012170: Windows update error 0x800f0922, UEFI bios update can fix it


KB5012170 installation may exit unexpectedly with error code 0x800f0922. Find out what this means and how you might be able to solve it.


Martin Brinkmann


Ghacks technology news



About Willie Ash

Check Also

can-newsletter.org – Miscellaneous

The MSP family from Promik is growing: The MSP2300Net in-system programmer enables the shortest programming …