Описание
A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location.
To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows.
The security update addresses the vulnerability by correcting security feature behavior to enforce permissions.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
6.2 Medium
CVSS3
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location.To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows.The security update addresses the vulnerability by correcting security feature behavior to enforce permissions., aka 'Windows Security Feature Bypass Vulnerability'.
Уязвимость ядра операционной системы Windows, позволяющая нарушителю повысить свои привилегии
EPSS
6.2 Medium
CVSS3
5.5 Medium
CVSS3
4.3 Medium
CVSS2