Full Report
Microsoft has released the KB5058379 cumulative update for Windows 10 22H2 and Windows 10 21H2, with four fixes and changes, including one for an SGRMBroker bug. [...]
Analysis Summary
This summary focuses on security-relevant findings mentioned within the provided context related to the Windows 10 KB5058379 update. **Note:** Since the provided text is an article summary primarily detailing cumulative bug fixes rather than a specific security vulnerability disclosure, CVEs are not explicitly listed for the fixes described. Specific severity scores and detailed exploit information for the noted kernel blocklist changes are also external to this specific snippet.
# Vulnerability: Security Updates in Windows 10 KB5058379 (May 13, 2025)
## CVE Details
- CVE ID: Not explicitly disclosed in the summary for the primary fixes.
- CVSS Score: N/A (The document focuses on cumulative updates and known issues, not a specific, newly disclosed vulnerability with a score.)
- CWE: N/A
## Affected Systems
- Products: Windows 10 22H2 and 21H2 (version 21H2 is mentioned specifically for the Citrix known issue)
- Versions: Systems that installed or were impacted by updates released January 14, 2025, or later (for the SgrmBroker issue).
- Configurations: Relevant to systems using Citrix Session Recording Agent (SRA) version 2411 (Known Issue for 21H2).
## Vulnerability Description
The update KB5058379 contains several fixes, including:
1. **SgrmBroker Error Fix:** Corrects an issue where the Event Viewer showed error Event 7023 related to the System Guard Runtime Monitor Broker service terminating, specifically on systems updated after January 14, 2025.
2. **Vulnerable Driver Blocklist:** Updates have been applied to the Windows Kernel Vulnerable Driver Blocklist (`DriverSiPolicy.p7b`) to block drivers known to be used in Bring Your Own Vulnerable Driver (BYOVD) attacks.
3. **GPU Paravirtualization Fix:** Addresses a case-sensitivity issue in GPU paravirtualization, which could potentially cause support failure.
## Exploitation
- Status: Not applicable/Unknown for the documented fixes, though the inclusion of BYOVD blocklist updates suggests an ongoing remediation effort against known exploitation techniques.
- Complexity: N/A
- Attack Vector: N/A
## Impact
- Confidentiality: Potential improvement via driver blocklist updates.
- Integrity: Potential improvement via driver blocklist updates.
- Availability: Remediation of system errors (SgrmBroker).
## Remediation
### Patches
- **Security Update:** KB5058379 (Applies improvements to SBAT, fixes SgrmBroker errors, updates driver blocklist).
- **Base/Previous Update referenced:** KB5055612 preview update bulletin.
### Workarounds
- **For the Citrix Known Issue (Windows 10 21H2):** If the update fails or reverts due to Citrix Session Recording Agent (SRA) version 2411:
  1. Stop the Session Recording Monitoring service.
  2. Install the Microsoft security update (KB5058379).
  3. Enable the Session Recording Monitoring service.
## Detection
- **SgrmBroker Issue Indicator:** Event ID 7023 under Windows Logs > System, stating: ‘The System Guard Runtime Monitor Broker service terminated with the following error: %%3489660935’.
- **Detection Methods:** Monitoring for update installation success/failure, application of the KB5058379 patch.
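
The two checks above can be combined into one host-level report. The following PowerShell is an added example, not code from Microsoft or from the summarized article; the variable names are its own, the build revision 5854 is taken from the KB5058379 bulletin title in the References, and the message match assumes the event text quoted above.

```powershell
# Added example: report KB5058379 patch state and SgrmBroker Event 7023 history.
# Run in an elevated PowerShell session on the Windows 10 host being checked.
$Kb     = 'KB5058379'
$MinUbr = 5854                     # OS builds 19044.5854 / 19045.5854 per the bulletin
$Since  = Get-Date '2025-01-14'    # the issue affects systems updated on or after this date

# 1. Patch state: compare the running build revision (UBR) with the KB's build.
#    Get-HotFix is also checked, but a later cumulative update can supersede the
#    entry, so the build revision is the more reliable signal.
$cv      = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build   = [int]$cv.CurrentBuildNumber
$ubr     = [int]$cv.UBR
$hotfix  = Get-HotFix -Id $Kb -ErrorAction SilentlyContinue
$patched = ($build -in 19044, 19045) -and ($ubr -ge $MinUbr)

# 2. Symptom: Event 7023 from the Service Control Manager that names the
#    System Guard Runtime Monitor Broker service or the quoted error code.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7023
    StartTime    = $Since
}
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'System Guard Runtime Monitor Broker|3489660935' })
$last = $events | Sort-Object TimeCreated | Select-Object -Last 1

# 3. Events logged on or after the install date suggest the fix did not take effect.
#    InstalledOn carries a date only, so same-day events before the install are included.
$afterInstall = $null
if ($hotfix -and $hotfix.InstalledOn) {
    $afterInstall = @($events | Where-Object { $_.TimeCreated -ge $hotfix.InstalledOn }).Count
}

[pscustomobject]@{
    Computer               = $env:COMPUTERNAME
    OsBuild                = "$build.$ubr"
    HotfixListed           = [bool]$hotfix
    AtOrAbovePatchedBuild  = $patched
    SgrmBroker7023Count    = $events.Count
    LastSgrmBroker7023     = $last.TimeCreated
    EventsSinceInstallDate = $afterInstall
}
```

A host that reports `AtOrAbovePatchedBuild` as false on Windows 10 21H2 with Citrix SRA 2411 installed is a candidate for the workaround listed under Remediation.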
## References
- Vendor Advisories:
  - KB5058379 support bulletin: hxxps://support.microsoft.com/en-us/topic/may-13-2025-kb5058379-os-builds-19044-5854-and-19045-5854-0a30e9ee-5038-45dd-a5d7-70a8813a5e39
  - KB5055612 preview update bulletin: hxxps://support.microsoft.com/en-us/topic/april-22-2025-kb5055612-os-build-19045-5796-preview-428955dc-5f14-4dd8-a828-a1a3d316cb79
  - Citrix support bulletin for workaround: hxxps://support.citrix.com/s/article/CTX692505-microsofts-january-security-update-failsreverts-on-a-machine-with-2411-session-recording-agent?language=en_US