A running collection of unusual manual Windows updates

1. Microsoft Windows Secure Kernel Mode Elevation of Privilege Vulnerability

Please refer to this advisory page for more information and updates on this vulnerability: [CVE-2024-21302](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21302)

Fix steps:

Reference: https://support.microsoft.com/en-us/topic/kb5042562-guidance-for-blocking-rollback-of-virtualization-based-security-vbs-related-security-updates-b2e7ebf4-f64d-4884-a390-38d63171b8d3#bkmk_policy_activation_events

Open PowerShell and run: `Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard`


At this point, VirtualizationBasedSecurityStatus is 0 and UsermodeCodeIntegrityPolicyEnforcementStatus is also 0.

Add SiPolicy.p7b:

```powershell
# Initialize policy location and destination
$PolicyBinary = $env:windir+"\System32\SecureBootUpdates\VbsSI_Audit.p7b"
$DestinationBinary = $env:windir+"\System32\CodeIntegrity\SiPolicy.p7b"

# Copy the audit policy binary
Copy-Item -Path $PolicyBinary -Destination $DestinationBinary -Force
```

Then reboot and check again.


At this point, UsermodeCodeIntegrityPolicyEnforcementStatus is 1.
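
The check, copy, reboot and re-check steps above can be wrapped so that the copy refuses to overwrite a different, already deployed SiPolicy.p7b (the `Copy-Item -Force` above replaces it silently). This is an added example, not part of the original notes or of Microsoft's guidance; the function names `Get-PolicyFileState`, `Get-VbsAuditPolicyReport` and `Install-VbsAuditPolicy` are hypothetical, and the status meanings are those documented for the Win32_DeviceGuard class.

```powershell
# Added example, not from the original notes. Run in an elevated PowerShell session.
$AuditPolicy  = Join-Path $env:windir 'System32\SecureBootUpdates\VbsSI_Audit.p7b'
$ActivePolicy = Join-Path $env:windir 'System32\CodeIntegrity\SiPolicy.p7b'

# Value meanings as documented for the Win32_DeviceGuard class
$VbsText  = @{ 0 = 'not enabled'; 1 = 'enabled, not running'; 2 = 'enabled and running' }
$UmciText = @{ 0 = 'off'; 1 = 'audit'; 2 = 'enforced' }

function Get-PolicyFileState {
    # Compare the deployed SiPolicy.p7b with the audit policy by SHA-256
    if (-not (Test-Path -LiteralPath $AuditPolicy))  { return 'AuditPolicyMissing' }
    if (-not (Test-Path -LiteralPath $ActivePolicy)) { return 'NotDeployed' }
    $source   = (Get-FileHash -LiteralPath $AuditPolicy  -Algorithm SHA256).Hash
    $deployed = (Get-FileHash -LiteralPath $ActivePolicy -Algorithm SHA256).Hash
    if ($source -eq $deployed) { 'AuditPolicyDeployed' } else { 'DifferentPolicyPresent' }
}

function Get-VbsAuditPolicyReport {
    # Same query as in the steps above, with the numeric values decoded
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
        -Namespace root\Microsoft\Windows\DeviceGuard -ErrorAction Stop
    $vbs  = [int]$dg.VirtualizationBasedSecurityStatus
    $umci = [int]$dg.UsermodeCodeIntegrityPolicyEnforcementStatus
    [pscustomobject]@{
        VbsStatus  = "$vbs ($($VbsText[$vbs]))"
        UmciStatus = "$umci ($($UmciText[$umci]))"
        PolicyFile = Get-PolicyFileState
    }
}

function Install-VbsAuditPolicy {
    # Copy the audit policy only when doing so cannot clobber another policy
    switch (Get-PolicyFileState) {
        'AuditPolicyMissing'     { throw "$AuditPolicy not found" }
        'AuditPolicyDeployed'    { Write-Host 'Audit policy already in place.'; return }
        'DifferentPolicyPresent' { throw "$ActivePolicy holds a different policy; review it before overwriting." }
    }
    Copy-Item -LiteralPath $AuditPolicy -Destination $ActivePolicy
    Write-Host 'Audit policy copied. Reboot, then run Get-VbsAuditPolicyReport again.'
}

Get-VbsAuditPolicyReport | Format-List
```

Call `Install-VbsAuditPolicy` to perform the copy; after the reboot the report should show UmciStatus 1 (audit), matching the result recorded above.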