#VU120 Secure Boot bypass vulnerability in Windows and Windows Server - CVE-2016-3287

Cybersecurity Help s.r.o.

Published: 2016-07-13 | Updated: 2017-02-03

Vulnerability identifier: #VU120

Vulnerability risk: Low

CVSSv4.0: 0.9 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2016-3287

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Windows
Operating systems & Components / Operating system
Windows Server
Operating systems & Components / Operating system

Vendor: Microsoft

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to operating system incorrectly applies affected security policy. A local user with administrative privileges or physical access to computer can disable code integrity checks and allow execution of test-signed executables and drivers.

Successful exploitation of this vulnerability may allow an attacker to gain elevated privileges within the system, access encrypted data, stored on the system, bypass Secure Boot Integrity Validation for BitLocker and the Device Encryption security features.

Mitigation

To resolve this vulnerability vendor recommends installing the following updates:

Windows 8.1

Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems

Windows Server 2012 and Windows Server 2012 R2

Windows Server 2012
Windows Server 2012 R2

Windows RT 8.1

Use Windows Update to obtain patch KB3172727

Windows 10

Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems

Server Core installation option

Windows Server 2012 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)