Main Vulnerability Database SB2022071259

SB2022071259 - Security features bypass in Microsoft Windows Boot Manager

Published: July 12, 2022

Security Bulletin ID SB2022071259

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Security features bypass (CVE-ID: CVE-2022-30203)

CWE-ID: CWE-254 - Security Features

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to bypass authentication process.

The vulnerability exists due to security feature bypass issue in Windows Boot Manager. An authenticated attacker with physical access can bypass Secure Boot

Remediation

Install update from vendor's website.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30203