CVE-2023-24932

FAQ

According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device.

How can an attacker successfully exploit this vulnerability?

To exploit the vulnerability, an attacker who has physical access or Administrative rights to a target device could install an affected boot policy.

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

An attacker who successfully exploited this vulnerability could bypass Secure Boot.

Are there additional steps I need to take to be protected from this vulnerability?

The security update addresses the vulnerability by updating the Windows Boot Manager, but is not enabled by default. Additional steps are required at this time to mitigate the vulnerability. Please refer to the following for steps to determine impact on your environment: KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932.

I am running Window 11 23H2 or Server 2022, 23H2 Edition, What do I need to do to be protected from this vulnerability?

Protections for the Secure Boot bypass were included in Windows 11 Version 23H3 and Windows Server 2022, 23H2 Edition at the time of their release; however, these protections are not enabled by default. Customers running these versions of Windows must enable the protections as outlined in KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932.