This issue is not a security vulnerability but an operational challenge in updating the Key Exchange Key (KEK) on Azure VMs with Secure Boot enabled. It has no direct real-world exploitability and affects only specific administrative actions.
The issue involves updating the KEK on Azure Windows VMs with Secure Boot enabled, affecting users trying to update Secure Boot variables. The impact is limited to those attempting specific firmware updates.
Affected Systems
- Azure Windows Virtual Machines (Windows Server 2022)
Affected Versions: Fully patched versions including 20348.4773
Remediation
- Ensure the VM has Trusted Launch enabled and Secure Boot is configured properly.
- Verify that the user account attempting to update KEK has appropriate permissions.
- Review Azure documentation for specific instructions on updating KEK in environments with Secure Boot.
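
The in-guest part of these checks can be gathered in one read-only pass before a KEK update is attempted. The following PowerShell is an added example, not from the original page or from Microsoft documentation; the function name `Test-KekUpdatePreflight` is hypothetical, and it inspects only guest-visible state, so the Trusted Launch setting on the Azure resource still has to be confirmed separately.

```powershell
# Added example: read-only pre-flight checks before attempting a KEK update.
# Run inside the Windows guest. Nothing here writes to Secure Boot variables.
function Test-KekUpdatePreflight {
    [CmdletBinding()]
    param()

    $result = [ordered]@{
        Elevated     = $false
        OsBuild      = $null
        SecureBootOn = $null
        KekReadable  = $false
        KekSizeBytes = $null
        Notes        = @()
    }

    # Secure Boot variable access requires an elevated administrator token.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($identity)
    $result.Elevated = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # Build plus update revision (UBR), to compare with the affected version.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $result.OsBuild = '{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR

    # Returns $true/$false on UEFI systems; throws on BIOS-based VMs or when
    # the session is not elevated, so the error text is kept for triage.
    try {
        $result.SecureBootOn = Confirm-SecureBootUEFI -ErrorAction Stop
    } catch {
        $result.Notes += "Confirm-SecureBootUEFI: $($_.Exception.Message)"
    }

    # Reading the current KEK shows the variable is reachable from this
    # session; its size gives a before/after comparison point for an update.
    try {
        $kek = Get-SecureBootUEFI -Name KEK -ErrorAction Stop
        $result.KekReadable  = $true
        $result.KekSizeBytes = $kek.Bytes.Length
    } catch {
        $result.Notes += "Get-SecureBootUEFI KEK: $($_.Exception.Message)"
    }

    [pscustomobject]$result
}

Test-KekUpdatePreflight | Format-List
```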
Stack Impact
This issue does not directly affect nginx, Docker, the Linux kernel, OpenSSH, curl, OpenSSL, Python, or homelab components, but it could impact any service running on the affected Windows VM.