Do you notice the Event ID 1033 entry in the Event Manager from the TPM-WMI source? This post will help you explain the issue’s cause, meaning, and resolution.
Cause of Event ID 1033 in Windows
Event ID 1033, accompanied by the error message—Potentially revoked boot manager was detected in EFI partition—is said to occur when the update of the unauthorized or suspicious module in the DBX is postponed.
Event ID 1033 will be logged when a vulnerable boot loader revoked by this update is detected on your device. Upon each system restart, the device undergoes a rescan to check if the vulnerable module has been updated and to ascertain the safety of applying the updated DBX list.
Meaning of Event ID 1033
When the DBX revocation list is updated through the KB5012170 Security Updated, the system thoroughly examines the applications or modules. This check identifies if any applications or modules critical to the startup process have been included in the DBX list.
If any such module is found, the firmware update concerning the DBX list is postponed. This examination and the subsequent delay are part of a precautionary measure to avoid startup problems arising from this incorrect categorization.
When an updated DBX revocation list is installed on a Windows device, the system thoroughly examines any critical dependencies on the modules listed as vulnerable. If any of these modules are found to be essential for the device’s startup process, the firmware update regarding the DBX list is postponed.
This precautionary measure prevents potential disruptions that could arise from removing crucial components.
Resolution to Event ID 1033
Resolving the problem would involve contacting the application or module vendor identified as malicious or vulnerable by the system. The most effective resolution is to ask the vendor for an updated version of the module to address the vulnerability and install it on the system.
Read: Event ID 1799, Boot Manager signed with Windows UEFI CA 2023 was installed successfully.
