Updating Windows bootable media to use the PCA2023 signed boot manager



KB ID: 5053484



Introduction

The PowerShell script described in this article can be used to update Windows bootable media so that the media can be used on systems that trust the “Windows UEFI CA 2023” certificate. This certificate is described in KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932.

How to get the PowerShell script

Download the Make2023BootableMedia.ps1 PowerShell script now

Description

The Make2023BootableMedia.ps1 PowerShell script updates boot manager support on Windows media to the boot manager signed by the new “Windows UEFI CA 2023” certificate. The input and output can be bootable media of the following type:

  • ISO CD/DVD image file,
  • USB flash drive,
  • a local drive path, or
  • a network drive path.

The latest Windows Assessment and Deployment Kit (Windows ADK) can be found on the Download and install the Windows ADK page and is necessary for this script to work properly.

Notes

  • The Make2023BootableMedia.ps1 script should be run from an elevated PowerShell prompt.
  • You must provide the script with a media source (-MediaPath) which has the latest servicing updates applied.

Syntax

Make2023BootableMedia.ps1
  [-MediaPath <path>]
  [-TargetType <type>]
  [-ISOPath <path>]
  [-USBDrive <drive:>]
  [-FileSystem <type>]
  [-NewMediaPath <path>]
  [-StagingDir <path>]

Parameters

-MediaPath <path>
  The path to the media folder or ISO file to be used as baseline. The media folder can be a local drive path or a network share.

-TargetType <type>
  The type of media to be created (ISO, USB, or LOCAL).
  • ISO: Convert media specified in -MediaPath to 2023 bootable ISO file. Targets -ISOPath.
  • USB: Convert media specified in -MediaPath to 2023 bootable image and write it to -USBDrive.
  • LOCAL: Convert media specified in -MediaPath to 2023 bootable image copied to -NewMediaPath.

-ISOPath <path>
  The path to the new ISO file to be created from -MediaPath.

-USBDrive <drive:>
  The drive letter of a target USB drive (example: E:).

-FileSystem <type>
  This parameter is optional. It allows specifying the file system to format the USB drive with (FAT32 or ExFAT). The default is ExFAT.

-NewMediaPath <path>
  Required when TargetType is LOCAL. -MediaPath content is duplicated here and then updated.

-StagingDir <path>
  Overrides default temporary staging path used by this script. System %TEMP% is used by default with a random subfolder.

Example commands

Example 1: Copy baseline media directory, update, and create ISO

Make2023BootableMedia.ps1 -MediaPath C:\Media\Win10Media -TargetType ISO -ISOPath C:\Media\Win10_Updated.iso

Example 2: Copy baseline media ISO, update, and create ISO

Make2023BootableMedia.ps1 -MediaPath C:\Media\Win11.iso -TargetType ISO -ISOPath C:\Media\Win11_Updated.iso

Example 3: Copy baseline media share, update, and create ISO

Make2023BootableMedia.ps1 -MediaPath \\server\share\Win11_Media -TargetType ISO -ISOPath C:\Media\Win11_Updated.iso

Example 4: Copy baseline ISO from share, update, and create ISO

Make2023BootableMedia.ps1 -MediaPath \\server\share\Win11.iso -TargetType ISO -ISOPath C:\Media\Win11_Updated.iso

Example 5: Copy baseline from media directory, update, and create USB flash drive

Make2023BootableMedia.ps1 -MediaPath C:\Media\Win1124H2 -TargetType USB -USBDrive H:

Example 6: Copy baseline from ISO, update, and create USB flash drive

Make2023BootableMedia.ps1 -MediaPath C:\Media\Win11.iso -TargetType USB -USBDrive E:

Example 7: Copy baseline from media directory, update, and create new media directory

Make2023BootableMedia.ps1 -MediaPath C:\Media\Win1124H2 -TargetType LOCAL -NewMediaPath C:\Media\Win1124H2_Updated

Example 8: Copy baseline from ISO, update, and create new media directory

Make2023BootableMedia.ps1 -MediaPath H:\Media\Win11.iso -TargetType LOCAL -NewMediaPath R:\Win11_Updated

Example 9: Copy baseline from media directory, update, and create ISO using specified staging directory

Make2023BootableMedia.ps1 -MediaPath C:\Media\Win1124H2 -TargetType ISO -ISOPath C:\Media\Win1124H2_Updated.iso -StagingDir C:\Temp\Win1124H2
 
This is the newly updated fix for boot media if you have applied the BlackLotus mitigation update. This updates your installed boot media (flash drive with Windows on it). This is a lot easier than the previous directions. We are getting closer to this being patched for all machines with a simple Windows Update.

For more details, use the linked article.
 

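One way to check the result of a conversion, as an added example that is not part of the original post, the KB article or the Make2023BootableMedia.ps1 script: it lists the issuer of the signing certificate of every EFI binary on the updated media (folder, drive root or ISO) and reports whether the local firmware's Secure Boot db contains the 2023 certificate. The script file name, the function names and the issuer-string match are assumptions.

```powershell
# Added example; not part of the KB article or of Make2023BootableMedia.ps1.
# Usage (hypothetical file name): .\Test-MediaSigner.ps1 -Path C:\Media\Win11_Updated.iso
param([Parameter(Mandatory)][string]$Path)   # media folder, drive root, or .iso file

function Get-EfiSignerReport {
    param([Parameter(Mandatory)][string]$Root)
    # Inspect every EFI binary on the media rather than assuming fixed file paths.
    Get-ChildItem -LiteralPath $Root -Recurse -File -Filter *.efi | ForEach-Object {
        $cert = (Get-AuthenticodeSignature -LiteralPath $_.FullName).SignerCertificate
        [pscustomobject]@{
            File   = $_.FullName
            Issuer = if ($cert) { $cert.Issuer } else { '(unsigned)' }
            # Assumption: the issuer name of a PCA2023-signed binary contains this string.
            Is2023 = [bool]($cert -and $cert.Issuer -like '*Windows UEFI CA 2023*')
        }
    }
}

function Test-FirmwareTrusts2023 {
    # Reads the Secure Boot signature database (db); needs elevation and UEFI firmware.
    try {
        $db = Get-SecureBootUEFI -Name db -ErrorAction Stop
        return [System.Text.Encoding]::ASCII.GetString($db.Bytes) -match 'Windows UEFI CA 2023'
    } catch {
        Write-Warning "Could not read Secure Boot db: $($_.Exception.Message)"
        return $null
    }
}

$image = $null
try {
    if ([IO.Path]::GetExtension($Path) -ieq '.iso') {
        # Mount the ISO read-only and scan the mounted volume.
        $iso   = (Resolve-Path -LiteralPath $Path).ProviderPath
        $image = Mount-DiskImage -ImagePath $iso -Access ReadOnly -PassThru
        $root  = ($image | Get-Volume).DriveLetter + ':\'
    } else {
        $root = $Path
    }
    $report = @(Get-EfiSignerReport -Root $root)
    $report | Format-Table -AutoSize -Wrap | Out-Host
    if ($report.Count -eq 0) { Write-Warning "No .efi files found under $root" }
    elseif ($report.Is2023 -notcontains $true) {
        Write-Warning 'No EFI binary on this media is issued by Windows UEFI CA 2023.'
    }
    "Firmware db contains Windows UEFI CA 2023: $(Test-FirmwareTrusts2023)"
} finally {
    if ($image) { Dismount-DiskImage -ImagePath $image.ImagePath | Out-Null }
}
```

Run it from an elevated prompt against both the baseline and the converted media to compare issuers before and after.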