Main Vulnerability Database SB2021101908

SB2021101908 - Security restrictions bypass in Microsoft Surface Pro 3

Published: October 19, 2021

Security Bulletin ID SB2021101908

Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security features bypass (CVE-ID: CVE-2021-42299)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists in the Platform Configuration Registers (PCRs) implementation. An attacker with physical access to device can can bypass implemented security restrictions.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42299