To mitigate BitLocker downgrade attacks, we advise enabling the https://support.microsoft.com/en-us/topic/how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d. This mechanism enforces secure versioning across critical boot components, preventing downgrades that could reintroduce known vulnerabilities in BitLocker and Secure Boot.
That article shows a very long, error-prone procedure that includes updating installation media and recovery media. It has a lot of warnings and caveats, such as that there are known issues, or that the system will not boot after certain actions.
Is it going to be streamlined, i.e. done automatically or with a single command? And the second question - is the updated Windows installation media already available for downloading from Microsoft?
I am genuinely worried that after applying these mitigations my device will not come back up after reboot. EDIT: It did come back, but I'd prefer this REVISE procedure was more user-friendly and resilient, i.e. check the preconditions, perform necessary changes, and verify afterwards.