Posted By: Jenny100
ASUS motherboard + KB KB3133977 --> goodbye Windows 7 - 05/13/16 06:14 AM
I was listening to this week's Security Now podcast and heard this:
From the transcript at https://www.grc.com/sn/sn-559.htm
Quote:
ASUS motherboards for a long time have enabled Windows Secure Boot, or just generic... UEFI Secure Boot, by default. Secure Boot support was introduced with Vista, so it's always been built into Vista and successor OSes from Microsoft, thus Windows 7. Consequently, when Windows 7 systems have been installed on ASUS motherboards, which had Secure Boot enabled, those Windows 7 OSes were configured by the setup system with Secure Boot, which the OS supported by default.
Then, like a week and a half ago, for reasons still not explained, Microsoft reclassified a previously optional Windows Update, which is KB3133977. They reclassified it from optional to recommended. What that of course did was install itself on Windows 7 machines. What does 3133977 do? It removes from Windows 7 its support for Secure Boot because it's no longer "supported," in quotes. So everybody who had Windows 7 installed on ASUS motherboards, last week, when they rebooted their systems after this recommended update had installed itself and removed Secure Boot, was greeted with a big red warning from the BIOS with the title "Secure Boot Violation. The system found unauthorized changes on the firmware, operating system, or UEFI drivers."
"Press OK to run the next boot device" - meaning give up on booting your hard drive because of course you can't - "or enter directly to BIOS Setup if there are no other boot devices installed." And then it says, "Go to BIOS Setup > Advanced > Boot and change the current boot device into other secured boot devices."
Then, like a week and a half ago, for reasons still not explained, Microsoft reclassified a previously optional Windows Update, which is KB3133977. They reclassified it from optional to recommended. What that of course did was install itself on Windows 7 machines. What does 3133977 do? It removes from Windows 7 its support for Secure Boot because it's no longer "supported," in quotes. So everybody who had Windows 7 installed on ASUS motherboards, last week, when they rebooted their systems after this recommended update had installed itself and removed Secure Boot, was greeted with a big red warning from the BIOS with the title "Secure Boot Violation. The system found unauthorized changes on the firmware, operating system, or UEFI drivers."
"Press OK to run the next boot device" - meaning give up on booting your hard drive because of course you can't - "or enter directly to BIOS Setup if there are no other boot devices installed." And then it says, "Go to BIOS Setup > Advanced > Boot and change the current boot device into other secured boot devices."
The story has also been reported here
***Windows 7 Update KB3133977 Bricks PCs ASUS motherboards***
and here
***Windows Update KB3133977 is Deadly***.
and you can find more articles if you Google KB3133977.
Anyway, if you have Windows 7 and an Asus motherboard, be sure to turn off automatic updates and do your Windows updates manually, so you can make sure this nasty "update" doesn't download. If you see KB3133977 in the "Recommended" updates list, right-click it and "hide" it so it doesn't install.