CVE-2016-7247 — Improper Access Control in Microsoft Windows 10

CWE-284 — Improper Access Control3 documents3 sources

Severity

7.5HIGHNVD

EPSS

24.9%

top 3.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Microsoft Windows Server 2012 Msrc Windows 10 FOR 32-bit Systems +11 more

Timeline

PublishedNov 10

Latest updateMay 14

Description

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow physically proximate attackers to bypass the Secure Boot protection mechanism via a crafted boot policy, aka "Secure Boot Component Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages14 packages

▶msrcmsrc/windows_server_2012

▶msrcmsrc/windows_server_2016

▶msrcmsrc/windows_server_2012_r2

▶NVDmicrosoft/windowsr2

▶NVDmicrosoft/windows_101511, 1607+1

🔴Vulnerability Details

GHSA

GHSA-rvvx-87q6-3f48: Microsoft Windows 8↗2022-05-14

▶

📋Vendor Advisories

Microsoft

Secure Boot Component Security Feature Bypass Vulnerability↗2016-11-08

▶