Windows 10 Patch Tuesday August 2022: KB5012170 Fails To Install
This month’s Windows Update KB5012170 install problem fixed on Dell OptiPlex 7020: go into BIOS, disable Secure Boot then KB5012170 installs with no problem. Reboot, go into BIOS, enable Secure Boot again. Is Secure Boot worth having or should it be given the boot? What do people think?
Update: another vintage Dell Windows 10 machine Latitude E5540 installed KB5012170 with Secure Boot enabled in the BIOS with no problem at all.
In Known Issues Microsoft say “Some original equipment manufacturer (OEM) firmware might not allow for the installation of this update. To resolve this issue, contact your firmware OEM.”
“If BitLocker Group Policy Configure TPM platform validation profile for native UEFI firmware configurations is enabled and PCR7 is selected by policy, it may result in the update failing to install. To view the PCR7 binding status, run the Microsoft System Information (Msinfo32.exe) tool with administrative permissions.To workaround this issue, do one of the following before you deploy this update:
- On a device that does not have Credential Guard enabled, run following command from an Administrator command prompt to suspend BitLocker for 1 restart cycle:
Manage-bde –Protectors –Disable C: -RebootCount 1
Then, deploy the update and restart the device to resume the BitLocker protection.
- On a device that has Credential Guard enabled, run the following command from an Administrator command prompt to suspend BitLocker for 2 restart cycles:
Manage-bde –Protectors –Disable C: -RebootCount 3
Then, deploy the update and restart the device to resume the BitLocker protection.”
“When attempting to install this update, it might fail to install, and you might receive Error 0x800f0922. This issue can be mitigated on some devices by updating the UEFI bios to the latest version before attempting to install this update.”
“We are presently investigating and will provide an update in an upcoming release.”
To be continued…