Full Report
Microsoft is investigating a known issue that triggers Secure Boot errors and prevents Surface Hub v1 devices from starting up. [...]
Analysis Summary
# Vulnerability: Boot Errors on Surface Hub v1 After KB5060533 Update
## CVE Details
* **CVE ID:** Not applicable (This is an update-induced operational error, not a traditional security vulnerability with a CVE).
* **CVSS Score:** N/A
* **CWE:** N/A
## Affected Systems
* **Products:** Microsoft Surface Hub v1
* **Versions:** Devices running Windows that received the KB5060533 update.
* **Configurations:** Specific configurations related to the Surface Hub v1 hardware.
## Vulnerability Description
The June 2025 Windows update, identified as **KB5060533**, has introduced a defect specifically impacting Microsoft Surface Hub v1 devices, causing them to experience **boot errors** (indicated by a "Boot Violation" error in some reports). This update was released as part of Microsoft's June Patch Tuesday, which also addressed multiple security flaws (including CVE-2025-33053 and CVE-2025-33073).
## Exploitation
* **Status:** Not applicable (Operational issue, not a security exploit).
* **Complexity:** N/A
* **Attack Vector:** N/A
## Impact
* **Confidentiality:** Not directly impacted.
* **Integrity:** Device functionality is severely impacted (system unavailable).
* **Availability:** Critical impact, as affected devices cannot successfully boot.
## Remediation
### Patches
Microsoft released the KB5060533 update, which *caused* the issue. The article does not explicitly name the *fix* for the boot error, but subsequent actions by Microsoft are implied or part of ongoing support.
* **Note:** The related security updates from the same release addressed:
* CVE-2025-33053 (Actively exploited WebDAV zero-day)
* CVE-2025-33073 (Publicly disclosed Windows SMB privilege escalation vulnerability)
### Workarounds
The article highlights that devices are encountering a "Boot Violation error." No specific immediate workaround is provided in the summary text, suggesting system inoperability until a subsequent fix is released.
## Detection
* **Indicators of Compromise:** Devices displaying a "Boot Violation" error screen after applying KB5060533.
* **Detection Methods and Tools:** Monitoring fleet health status and boot sequences for Surface Hub v1 devices post-patching.
## References
* [Visible link: Microsoft KB5060533 update on BleepingComputer](https://www.bleepingcomputer.com/news/microsoft/microsoft-kb5060533-update-triggers-boot-errors-on-surface-hub-v1-devices/)
* [Visible link to MSRC advisory for CVE-2025-33053](http://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-33053)
* [Visible link to MSRC advisory for CVE-2025-33073](http://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-33073)