Bypass Vulnerability Discovered in Secure Boot Security Feature
CVE-2023-24932
Key Information:
- Vendor
- Microsoft
- Status
- Vendor
- CVE Published:
- 9 May 2023
Badges
Summary
A significant vulnerability exists within the Secure Boot feature of various Microsoft products. This security concern could allow cybercriminals to bypass the Secure Boot mechanism, potentially granting them unauthorized access to critical system components. As Secure Boot is designed to prevent the loading of unauthorized firmware and operating systems, the exploitation of this flaw poses substantial risks to the integrity and security of affected systems. Organizations using vulnerable Microsoft products should prioritize applying necessary patches and updates to safeguard their environments.
Affected Version(s)
Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20710
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.7159
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.6054
News Articles
Four zero-days fixed for September Patch Tuesday | TechTarget
September Patch Tuesday resolves four zero-days with the most pressing one affecting the Windows Update feature.
4 months ago
NeowinCVE-2023-24932KB5025885: Microsoft announces Windows CVE-2023-24932 Black Lotus patch deployment phase
Microsoft has announced the deployment phase for the BlackLotus patch, along wi its details. If you are not aware, BlackLotus is a UEFI Secure Boot vulnerability that affects Windows 11, 10, and more.
6 months ago
Microsoft Patch Tuesday, May 2023 Edition
Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks.
9 months ago
References
CVSS V3.1
Timeline
- 💰
Used in Ransomware
- 👾
Exploit known to exist
- 📰
First article discovered by BleepingComputer
Vulnerability published
Vulnerability Reserved