KB5012170: Security update for Secure Boot DBX: August 9, 2022 - Install error - 0x800f0922

It fails installing through the update tool of Windows itself, and also when downloaded manually and started with admin rights.



Answer

...

Next, I also performed these additional steps:

7. Reboot into UEFI BIOS

8. Enabled Secure Boot (it was disabled in my case) => Note: This alone didn't work for me. I also needed to do the next step.

9. Clear Secure Boot keys (i.e. reset the Secure Boot keys to default factory settings)

10. Save and exit UEFI BIOS

After this, I repeated Steps 1-6 above and the KB5012170 MSU package successfully installed.

Not sure if this will work for everyone, but since KB5012170 updates the Secure Boot Forbidden Signature Database (DBX) in UEFI, clearing the old and potentially stale boot keys and resetting to factory defaults allowed the update to install required changes to DBX.

It's temporarily disabling Secure Boot that's allowed me - and others - to install the update.

Loading default factory keys is an important step in allowing Secure Boot to be Enabled.

I'm not sure I would reset them after enabling Secure Boot or understand that doing this removes "old and potentially stale boot keys" - there can either be the factory default keys needed for Windows or custom keys.

Also the DBX seems to be a forbidden signatures database - something different from the keys.

Secure Boot key settings should be changed with care, as doing it the wrong way leads to boot loops on some systems.

7 people found this reply helpful


Answer

I've been fighting the same issues all day. KB5012170 fails to install with error 0x800f0922. Looking through C:\Windows\Logs\CBS\CBS.log reveals errors pointing to BitLocker (which is a red herring) and Secure Boot (the real culprit).

I finally got it to install successfully as follows:

1. Open a cmd.exe or powershell.exe window running as Administrator

2. dism.exe /online /cleanup-image /restorehealth

3. sfc /scannow

4. Reboot

5. Manually download the MSU appropriate for your Windows version directly from the Microsoft Update Catalog here: https://catalog.update.microsoft.com/Search.aspx?q=kb5012170

6. Double click the MSU file to install

This still didn't work for me, but it did clean up the CBS store and allowed me to successfully install the August 2022 Cumulative Update. However, manually installing KB5012170 still failed with the same error as Windows Update in Settings: 0x800f0922

Next, I also performed these additional steps:

7. Reboot into UEFI BIOS

8. Enabled Secure Boot (it was disabled in my case) => Note: This alone didn't work for me. I also needed to do the next step.

9. Clear Secure Boot keys (i.e. reset the Secure Boot keys to default factory settings)

10. Save and exit UEFI BIOS

After this, I repeated Steps 1-6 above and the KB5012170 MSU package successfully installed.

Not sure if this will work for everyone, but since KB5012170 updates the Secure Boot Forbidden Signature Database (DBX) in UEFI, clearing the old and potentially stale boot keys and resetting to factory defaults allowed the update to install required changes to DBX.

Motherboard: Asrock Z87 Extreme6/ac

25 people found this reply helpful
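
A read-only triage for the failure discussed in the answer above, as an added example that is not part of the original post: it reports whether Secure Boot is enabled, whether the Secure Boot variables (including the DBX that KB5012170 updates) are populated, and which CBS.log lines mention the error. The log search patterns are assumptions, since the post does not quote the exact log text.

```powershell
# Added example: read-only checks for a KB5012170 / 0x800f0922 install failure.
# Run from an elevated PowerShell window. Nothing here changes firmware or Windows state.

# 1. Is Secure Boot currently enabled? Confirm-SecureBootUEFI returns $true/$false
#    and raises an error on a legacy-BIOS (non-UEFI) boot or without elevation.
try {
    $enabled = Confirm-SecureBootUEFI -ErrorAction Stop
    "Secure Boot enabled: $enabled"
} catch {
    "Secure Boot state unavailable: $($_.Exception.Message)"
}

# 2. Are the Secure Boot variables populated? PK, KEK and db hold keys and allowed
#    signatures; dbx is the forbidden-signature database that the update writes to.
foreach ($name in 'PK', 'KEK', 'db', 'dbx') {
    try {
        $var = Get-SecureBootUEFI -Name $name -ErrorAction Stop
        '{0,-4} present, {1} bytes' -f $name, $var.Bytes.Length
    } catch {
        '{0,-4} not readable: {1}' -f $name, $_.Exception.Message
    }
}

# 3. Show the most recent CBS.log lines that mention the error code, Secure Boot
#    or BitLocker. The patterns are assumed search terms, matched case-insensitively.
$log = Join-Path $env:windir 'Logs\CBS\CBS.log'
$patterns = '0x800f0922', 'SecureBoot', 'Secure Boot', 'BitLocker'
if (Test-Path $log) {
    Select-String -Path $log -Pattern $patterns -SimpleMatch |
        Select-Object -Last 40 |
        ForEach-Object { '{0}: {1}' -f $_.LineNumber, $_.Line.Trim() }
} else {
    "CBS log not found at $log"
}
```

An empty or unreadable PK, KEK or db alongside "Secure Boot enabled: False" matches the situation the answer describes before the factory default keys were loaded.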


Question Info


Last updated April 16, 2025 Views 19,563 Applies to: