CVE-2024-26194

FAQ

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

An attacker who successfully exploited this vulnerability could bypass Secure Boot.

Are there additional steps I need to take to be protected from this vulnerability?

All customers should apply the April 9, 2024 Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required at this time to mitigate this vulnerability. Please refer to KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932. This article describes the protection against this Secure Boot security feature bypass, how to enable the protections, and guidance to update bootable media.