| Severity | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE ID | CVE-2016-3320 |
| CVSSv3 |
7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] |
| CWE ID |
CWE-284 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Windows Windows Server |
| Vulnerable software versions |
Windows 8.1 Windows RT 8.1 Windows 10 Windows Server 2012 Windows Server 2012 R2 |
| Vendor URL | Microsoft |
The vulnerability allows a local user to bypass security restrictions and gain elevated privileges on vulnerable system.
The vulnerability exists due Windows Secure Boot incorrectly loads boot manager. A local user with physical access to computer and local administrative rights can disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device, and bypass Secure Boot Integrity Validation for BitLocker and Device Encryption security features.
Successful exploitation of this vulnerability will allow a local user to gain complete access to vulnerable system.
External linkshttps://technet.microsoft.com/en-us/library/security/ms16-100.aspx