Security features bypass in Microsoft Surface - CVE-2021-42299

 

Security features bypass in Microsoft Surface - CVE-2021-42299

Published: October 19, 2021


Vulnerability identifier: #VU57423
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-42299
CWE-ID: CWE-254
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Microsoft
Affected software:
Microsoft Surface

Detailed vulnerability description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists in the Platform Configuration Registers (PCRs) implementation. An attacker with physical access to device can can bypass implemented security restrictions.


How to mitigate CVE-2021-42299

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources