Run the following to see if the issue is already present:
# Check Windows Update error history
Get-WindowsUpdateLog
scp kbi058_patch.bin admin@device:/tmp/
ssh admin@device
sudo firmware-update /tmp/kbi058_patch.bin
If your system is still flagged as vulnerable (e.g., via Microsoft’s Secure Boot Report Tool), here is how to apply the KBI058 patch manually:
When a system is reported as "kbi058 patched," it indicates that the following changes have been successfully applied: kbi058 patched
Technical Documentation:
Change Logs:
Support and Troubleshooting:
Security Bulletins:
User Guides and Tutorials:
# Install via DISM (offline)
dism /online /add-package /packagepath:"C:\Patches\KBI058.msu"
A "good report" suggests that the outcome or feedback regarding the patching of KBI058 has been positive. This could mean: Run the following to see if the issue
Visit the Microsoft Update Catalog and search for "KBI058". Download the .msu file matching your architecture (x64, ARM64).