Microsoft’s latest update for Security Baseline is causing component failures

Prorootect

Security baseline update is causing component failures on Windows 10

It has come to notice that customers who deployed Microsoft’s security baseline for Windows 10 v1709 are likely to experience device and component failures. The Microsoft Baseline Security Analyzer is a tool by Microsoft which helps in determining the security state by accessing the missing security updates. The tool also analyses less-secure updates and encourages the users to remove the same.

Issue with BitLocker/DMA settings in Windows 10
The BitLocker GPO settings in the Windows security configuration baselines for Windows 10 include “Disable new DMA devices when this computer is locked.” This setting was originally launched with Windows 10 v1703 and is also part of Microsoft’s recommended baselines for both v1703 and Windows 10 v1709 (Creators Update). In the recent past, the Group Policy setting for v1709 was strengthened. This update leads to several problems with network adapters, audio devices and also pointing devices.

In the meantime, it’s crucial to understand the importance of Group Policy for BitLocker. The Group Policy extends protection against external devices which are plugged into the DMA ports, but with this update, the Group Policy started adversely affecting the internal components as well. Microsoft has informed that it is already aware of the problem and is working on a solution as well.

Microsoft recommends that Windows 10 v1709 customers who are affected by this bug revert the Group Policy setting to “Not Configured.” Alternatively, the setting can also be set to “Disabled” in order to avoid this issue. That being said, this is still a temporary workaround until Microsoft issues a patch.


Moreover, Microsoft has also mentioned that removing the setting will not negatively impact systems which do not have DMA ports, and this includes the Microsoft Surface Pro and other OEM devices. Additionally, you may also check with the OEM for the exact specification of your device.
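
A read-only check an administrator could run on a machine that received the baseline, added here as an example and not part of the original post or of Microsoft's guidance: it reports the state of the “Disable new DMA devices when this computer is locked” policy and lists network, audio and pointing devices that are not in an OK state. The registry location of the policy and the device class names are assumptions not stated in the thread.

```powershell
# Added example: audit one Windows 10 machine for the DMA policy issue described above.
# Assumption (not from the page): the GPO is stored as the DWORD value
# DisableExternalDMAUnderLock under HKLM\SOFTWARE\Policies\Microsoft\FVE.
$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$policyName = 'DisableExternalDMAUnderLock'

function Get-DmaLockPolicyState {
    # A missing value means the policy is "Not Configured"; 1 means "Enabled".
    $item = Get-ItemProperty -Path $policyKey -Name $policyName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Not Configured' }
    if ($item.$policyName -eq 1) { return 'Enabled' }
    return 'Disabled'
}

function Get-AffectedDevices {
    # Device kinds named in the article: network adapters, audio devices, pointing devices.
    # The PnP class names below are an assumption about how those map to device classes.
    $classes = 'Net', 'MEDIA', 'AudioEndpoint', 'Mouse', 'HIDClass'
    Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Class -in $classes -and $_.Status -ne 'OK' } |
        Select-Object Class, FriendlyName, Status, InstanceId
}

$release = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').ReleaseId
$state   = Get-DmaLockPolicyState
$failing = @(Get-AffectedDevices)

# Flag only the combination the article describes: v1709, policy enabled, devices failing.
$likelyAffected = ($release -eq '1709') -and ($state -eq 'Enabled') -and ($failing.Count -gt 0)

[pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    ReleaseId      = $release
    DmaLockPolicy  = $state
    FailingDevices = $failing.Count
    LikelyAffected = $likelyAffected
}

if ($failing.Count -gt 0) {
    $failing | Format-Table -AutoSize
}
```

The script changes nothing on the machine. The revert itself belongs in the GPO that delivers the baseline, since a local registry edit would be overwritten at the next policy refresh.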
 
