[zauguin]

Usually systems have a KEK (key exchange key) from Microsoft installed, then Microsoft can revoke keys on their own withot involvement of the UEFI forum, board manufacturers or anyone else (Unless the KEK itself is compromised). They usually publish these revocations later on the UEFI website, but that's not necessarily blocking the rollout.

The actual issue is that the revoked key is the key used by Windows, so revoking it makes Windows unbootable.

Seems a bit weird to call this a Secure Boot vulnerability though since Secure Boot still works, it's just that a validly signed binary happens to be vulnerable and boots arbitrary stuff in a later stage. While this circumvents Secure Boot on all systems which allow booting Windows (so all systems where noone explicitly changes the Secure Boot setup), it sounds more like a Windows boot loader vulnerability than a Secure Boot issue.