Security
Headlines
HeadlinesLatestCVEs

Tag

#Windows Secure Boot

CVE-2022-2601: Redhat: CVE-2022-2601 grub2 - Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass

**Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?** The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.

Microsoft Security Response Center
#vulnerability#mac#windows#buffer_overflow#Windows Secure Boot#Security Vulnerability
CVE-2023-40547: Redhat: CVE-2023-40547 Shim - RCE in HTTP boot support may lead to secure boot bypass

**Why is this Red Hat, Inc. CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Linux Shim boot. It is being documented in the Security Update Guide to announce that the latest builds of Microsoft Windows address this vulnerability by blocking old, unpatched, Linux boot loaders by applying SBAT (Secure Boot Advanced Targeting) EFI variables in the UEFI library. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. For more information see: CVE-2023-40547.

CVE-2022-3775: Redhat: CVE-2022-3775 grub2 - Heap based out-of-bounds write when rendering certain Unicode sequences

**Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?** The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.

CVE-2024-28899: Secure Boot Security Feature Bypass Vulnerability

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** An authenticated attacker could exploit this vulnerability with LAN access.

CVE-2024-38065: Secure Boot Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass Secure Boot.

CVE-2024-38011: Secure Boot Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass Secure Boot.

CVE-2024-38010: Secure Boot Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass Secure Boot.

CVE-2024-37972: Secure Boot Security Feature Bypass Vulnerability

**According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?** An unauthorized attacker must wait for a user to initiate a connection.

CVE-2024-37971: Secure Boot Security Feature Bypass Vulnerability

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** An unauthenticated attacker with LAN access could exploit this vulnerability.

CVE-2024-37975: Secure Boot Security Feature Bypass Vulnerability

**According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?** An unauthorized attacker must wait for a user to initiate a connection.