Patch KB5012170 was designed to plug Secure Boot holes, and Microsoft said that it was important for users running kit with Unified Extensible Firmware Interface (UEFI) firmware.
Vole wrote that a security feature bypass vulnerability exists in Secure Boot, and that an attacker who successfully exploited it might bypass Secure Boot and load untrusted software. The patch adds the signatures of the known vulnerable UEFI modules to the Secure Boot Forbidden Signature Database (DBX).
However, what Microsoft apparently did not realise was that some OEM firmware won't allow the update to be installed. The update might fail to install with certain BitLocker Group Policy configurations, or a 0x800f0922 error might be thrown up. Sometimes BitLocker recovery is tripped, forcing the user to enter a key which most do not have.
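To see what a DBX update like the one described above actually changes, the sketch below parses the chain of `EFI_SIGNATURE_LIST` structures that make up the DBX and reports which SHA-256 digests it revokes. It is an added example, not Microsoft's code; the owner GUID, the module contents and the helper `build_sha256_list` are constructed here for illustration.

```python
import hashlib
import struct
import uuid

# Signature type GUID for SHA-256 hash entries (UEFI specification).
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")

def parse_dbx(blob):
    """Yield (type_guid, owner_guid, data) for each entry in a chain of
    EFI_SIGNATURE_LIST structures, i.e. the raw content of the dbx variable."""
    off = 0
    while off < len(blob):
        if len(blob) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        # SignatureListSize, SignatureHeaderSize, SignatureSize (little-endian)
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(blob) or sig_size <= 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % off)
        body = list_size - 28 - hdr_size
        if body % sig_size:
            raise ValueError("signature area is not a multiple of SignatureSize")
        pos = off + 28 + hdr_size
        for _ in range(body // sig_size):
            # Each entry is a 16-byte owner GUID followed by the signature data.
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            yield sig_type, owner, blob[pos + 16:pos + sig_size]
            pos += sig_size
        off += list_size

def revoked_sha256(blob):
    """Hex digests revoked by hash. For PE boot modules the firmware compares
    the Authenticode image hash, not a plain SHA-256 of the file on disk."""
    return {d.hex() for t, _, d in parse_dbx(blob) if t == EFI_CERT_SHA256_GUID}

def build_sha256_list(owner, digests):
    """Hypothetical helper: build one SHA-256 signature list as sample input."""
    body = b"".join(owner.bytes_le + d for d in digests)
    header = struct.pack("<III", 28 + len(body), 0, 16 + 32)
    return EFI_CERT_SHA256_GUID.bytes_le + header + body

# Constructed sample data: not real DBX content.
OWNER = uuid.UUID("00000000-0000-0000-0000-000000000001")
OLD = hashlib.sha256(b"constructed vulnerable module").digest()
NEW = hashlib.sha256(b"constructed patched module").digest()
SAMPLE_DBX = build_sha256_list(OWNER, [OLD])

if __name__ == "__main__":
    print("revoked:", sorted(revoked_sha256(SAMPLE_DBX)))
    print("patched module revoked?", NEW.hex() in revoked_sha256(SAMPLE_DBX))
```

When reading the variable from Linux efivarfs, skip the 4-byte attributes field that precedes the data before passing it to `parse_dbx`.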