CVE-2023-24932
published 2023-05-09CVE-2023-24932: Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability
medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
10.56%
95.2th percentile
Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
Affected
54 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.21073 | 10.0.10240.21073 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.8246 | 10.0.14393.8246 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.6054 | 10.0.17763.6054 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.7558 | 10.0.17763.7558 |
| microsoft | windows_10_version_20h2 | >= 10.0.0 < 10.0.19042.2965 | 10.0.19042.2965 |
| microsoft | windows_10_version_21h2 | >= 10.0.19044.0 < 10.0.19044.6093 | 10.0.19044.6093 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.6093 | 10.0.19045.6093 |
| microsoft | windows_11_version_21h2 | >= 10.0.22000.0 < 10.0.22000.3079 | 10.0.22000.3079 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.5624 | 10.0.22621.5624 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.5624 | 10.0.22631.5624 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.5624 | 10.0.22631.5624 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.4652 | 10.0.26100.4652 |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.7601.0 < 6.1.7601.27820 | 6.1.7601.27820 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.6003.0 < 6.0.6003.23418 | 6.0.6003.23418 |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.25573 | 6.2.9200.25573 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.22676 | 6.3.9600.22676 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.8246 | 10.0.14393.8246 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.7558 | 10.0.17763.7558 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.3932 | 10.0.20348.3932 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.4652 | 10.0.26100.4652 |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_1809_for_32-bit_systems | — | — |
| msrc | windows_10_version_1809_for_arm64-based_systems | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Hunt for unexpected or unrecognized .efi files on the EFI System Partition (ESP), or modifications to the BCD (Boot Configuration Data) store, which are primary indicators of BlackLotus/bootkit activity exploiting CVE-2023-24932. ↗
- →Monitor for disabling of Memory Integrity (HVCI) or BitLocker, and audit logs for Secure Boot being disabled or tampered with — key post-exploitation signals of bootkit activity. ↗
- →Query the UEFI Secure Boot DBX revocation list to verify that vulnerable boot manager signatures have been added; if DBX is not updated, the system remains exploitable even with Windows patches applied. ↗
- →Detect WIN_DRV SprySOCKS persistence via scheduled tasks and Image File Execution Options (IFEO) hijacking on vds.exe; detect WIN_PLUS persistence via registration of a malicious Windows Print Processor named VSPMsg. ↗
- →Detect WIN_DRV's TCP traffic diversion technique: the backdoor inspects incoming TCP traffic and redirects specially crafted packets to its listening port, allowing C2 without exposing the real listening port — look for unusual raw socket or port-forwarding activity. ↗
- →Monitor for DLL side-loading chains initiated by a batch script that creates and executes a scheduled task — the initial delivery mechanism for WIN_DRV SprySOCKS components. ↗
- →Audit the Windows Boot Manager version on all endpoints; a downgrade to an older, vulnerable bootmgr version (still signed by Microsoft but exploitable) is the core attack technique for CVE-2023-24932. ↗
- →Detect mounting of the EFI System Partition (ESP) and replacement of boot files — a key step attackers take when installing BlackLotus or similar bootkits exploiting CVE-2023-24932. ↗
- ·Applying the CVE-2023-24932 patch alone is insufficient — administrators must also manually update the Secure Boot DBX revocation list to ban vulnerable boot managers. Skipping this step leaves systems exploitable via downgrade attacks even after patching. ↗
- ·The fix is disabled by default and is being rolled out in stages; enforcement is not expected until before 2026, with a six-month notice. Organizations must proactively opt in and test before enforcement. ↗
- ·Azure VMs and other virtual machines with Secure Boot enabled also require the extra manual remediation steps — the attack surface is not limited to physical hardware. ↗
CVSS provenance
nvdv3.16.7MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvelistv56.7MEDIUM
vulncheck6.7MEDIUM
vendor_msrc8.0HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows BitLocker Security Feature Bypass Vulnerability
vendor_msrc·2025-07-08·CVSS 6.8
CVE-2025-48804 [MEDIUM] CWE-349 Windows BitLocker Security Feature Bypass Vulnerability
Windows BitLocker Security Feature Bypass Vulnerability
Description: Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.
FAQ: How could an attacker exploit this vulnerability?
An attacker could exploit this vulnerability by loading a WinRE.wim file while the OS volume is unlocked, granting access to BitLocker encrypted data.
FAQ: Are there any further actions I n
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-04-09·CVSS 6.7
CVE-2024-28919 [MEDIUM] CWE-693 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: Are there additional steps I need to take to be protected from this vulnerability?
All customers should apply the April 9, 2024 Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required at this time to mitigate this vulnerability. Please refer to KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932. This article describes the protection a
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-04-09·CVSS 7.1
CVE-2024-29062 [MEDIUM] CWE-367 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An authenticated attacker could exploit this vulnerability with LAN access.
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An u
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-04-09·CVSS 7.8
CVE-2024-26175 [MEDIUM] CWE-125 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: Are there additional steps I need to take to be protected from this vulnerability?
All customers should apply the April 9, 2024 Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required at this time to mitigate this vulnerability. Please refer to KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932. This article describes the protection a
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-04-09·CVSS 6.8
CVE-2024-26168 [MEDIUM] CWE-122 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: Are there additional steps I need to take to be protected from this vulnerability?
All customers should apply the April 9, 2024 Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required at this time to mitigate this vulnerability. Please refer to KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932. This article describes the protection a
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-04-09·CVSS 7.4
CVE-2024-26194 [MEDIUM] CWE-347 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: Are there additional steps I need to take to be protected from this vulnerability?
All customers should apply the April 9, 2024 Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enable
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-04-09·CVSS 6.7
CVE-2024-28923 [MEDIUM] CWE-190 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.
FAQ: Are there additional steps I need to take to be protected from this vulnerability?
All customers should apply the April 9, 2024 Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manage
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-04-09·CVSS 6.7
CVE-2024-20669 [MEDIUM] CWE-693 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device.
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: Are there additional steps I need to take to be protected from this vulnerability?
All customers should apply the April 9, 2024 Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps a
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-04-09·CVSS 8.0
CVE-2024-28925 [MEDIUM] CWE-121 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An authenticated attacker could exploit this vulnerability with LAN access.
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized attacker must wait for a user to initiate a connection.
FAQ: Are there additional steps I need to take to be protected from this vulnerability?
All customers should apply the April 9, 2024 Windows
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-04-09·CVSS 4.1
CVE-2024-28922 [MEDIUM] CWE-284 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: Are there additional steps I need to take to be protected from this vulnerability?
All customers should apply the April 9, 2024 Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required at this time to mitigate this vulnerability. Please refer to KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932. This article describes the protection a
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-04-09·CVSS 6.7
CVE-2024-28903 [MEDIUM] CWE-693 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: Are there additional steps I need to take to be protected from this vulnerability?
All customers should apply the April 9, 2024 Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required at this time to mitigate this vulnerability. Please refer to KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932. This article describes the protection a
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-04-09·CVSS 7.1
CVE-2024-20688 [MEDIUM] CWE-121 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized attacker must wait for a user to initiate a connection.
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An authenticated attacker could exploit this vulnerability with LAN access.
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-04-09·CVSS 6.7
CVE-2024-26250 [MEDIUM] CWE-693 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: Are there additional steps I need to take to be protected from this vulnerability?
All customers should apply the April 9, 2024 Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required at this time to mitigate this vulnerability. Please refer to KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932. This article describes the protection a
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-04-09·CVSS 7.8
CVE-2024-29061 [MEDIUM] CWE-121 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: Are there additional steps I need to take to be protected from this vulnerability?
All customers should apply the April 9, 2024 Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required at this time to mitigate this vulnerability. Please refer to KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932. This article describes the protection a
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-04-09·CVSS 6.7
CVE-2024-28921 [MEDIUM] CWE-693 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: Are there additional steps I need to take to be protected from this vulnerability?
All customers should apply the April 9, 2024 Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required at this time to mitigate this vulnerability. Please refer to KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932. This article describes the protection a
Microsoft
Lenovo: CVE-2024-23593 Modify Boot Manager and Escalate Privileges
vendor_msrc·2024-04-09·CVSS 6.7
CVE-2024-23593 [MEDIUM] CWE-121 Lenovo: CVE-2024-23593 Modify Boot Manager and Escalate Privileges
Lenovo: CVE-2024-23593 Modify Boot Manager and Escalate Privileges
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: Why is this Lenovo CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in certain Lenovo bootloaders. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability.
Please see the following for more information:
LEN-132277
FAQ: Are there additional steps I need to take to be protected from this vulnerability?
All customers sho
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-04-09·CVSS 7.5
CVE-2024-28896 [MEDIUM] CWE-122 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An authenticated attacker could exploit this vulnerability with LAN access.
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
FAQ: Are there additional steps I need to take to be protected from this vulnerability?
All customers
Microsoft
Lenovo: CVE-2024-23594 Stack buffer overflow in Lenovo system recovery boot manager
vendor_msrc·2024-04-09·CVSS 6.4
CVE-2024-23594 [MEDIUM] CWE-121 Lenovo: CVE-2024-23594 Stack buffer overflow in Lenovo system recovery boot manager
Lenovo: CVE-2024-23594 Stack buffer overflow in Lenovo system recovery boot manager
FAQ: Why is this Lenovo CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in certain Lenovo bootloaders. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability.
Please see the following for more information:
LEN-132277
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-04-09·CVSS 8.0
CVE-2024-26180 [MEDIUM] CWE-121 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An authenticated attacker could exploit this vulnerability with LAN access.
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized attacker must wait for a user to initiate a connection.
FAQ: Are there additional steps I need to take to be protected from this vulnerability?
All customers should apply the April 9, 2024 Windows
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-04-09·CVSS 7.8
CVE-2024-28920 [MEDIUM] CWE-693 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: Are there additional steps I need to take to be protected from this vulnerability?
All customers should apply the April 9, 2024 Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required at this time to mitigate this vulnerability. Please refer to KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932. This article describes the protection a
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-04-09·CVSS 6.7
CVE-2024-26171 [MEDIUM] CWE-190 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: Are there additional steps I need to take to be protected from this vulnerability?
All customers should apply the April 9, 2024 Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required at this time to mitigate this vulnerability. Please refer to KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932. This article describes the protection a
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-04-09·CVSS 8.0
CVE-2024-26189 [MEDIUM] CWE-20 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An authenticated attacker could exploit this vulnerability with LAN access.
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized attacker must wait for a user to initiate a connection.
FAQ: How could an attacker successfully exploit this vulnerability?
To exploit the vulnerability, an attacker who has physical access or Admi
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-04-09·CVSS 6.8
CVE-2024-28897 [MEDIUM] CWE-20 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An authenticated attacker could exploit this vulnerability with LAN access.
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: Are there additional steps I need to take to be protected from this vulnerability?
All customers should apply the April 9, 2024 Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required at this time to mitigate
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-04-09·CVSS 6.7
CVE-2024-28924 [MEDIUM] CWE-121 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device.
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: Are there additional steps I need to take to be protected from this vulnerability?
All customers should apply the April 9, 2024 Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps a
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-04-09·CVSS 8.0
CVE-2024-26240 [MEDIUM] CWE-20 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An authenticated attacker could exploit this vulnerability with LAN access.
FAQ: How could an attacker successfully exploit this vulnerability?
To exploit the vulnerability, an attacker who has physical access or Administrative rights to a target device could install a malicious .bcd file.
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-04-09·CVSS 7.1
CVE-2024-20689 [MEDIUM] CWE-121 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An authenticated attacker could exploit this vulnerability with LAN access.
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-04-09·CVSS 6.3
CVE-2024-28898 [MEDIUM] CWE-121 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An authenticated attacker could exploit this vulnerability with LAN access.
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized attacker must wait for a user to initiate a connection.
FAQ: How could an attacker successfully exploit this vulnerability?
To exploit the vulnerability, an attacker who has physical access or Administrative rights to a target device could install a malicious .bcd file.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerab
CISA ICS
Siemens RUGGEDCOM APE1808 Product Family
cisa_ics·2023-09-14
Siemens RUGGEDCOM APE1808 Product Family
ICS Advisory
##
Siemens RUGGEDCOM APE1808 Product Family
Release DateSeptember 14, 2023
Alert CodeICSA-23-257-04
## As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.2
- ATTENTION: Low Attack Complexity
- Vendor: Siemens
- Equipment: RUGGEDCOM APE1808 Product Family
- Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Buffer Underflow, Classic Buffer Overflow, Time-of-check Time-of-use Race Condition, Out-of-bounds Read, Im
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2023-05-09·CVSS 6.7
CVE-2023-24932 [MEDIUM] Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device.
FAQ: How can an attacker successfully exploit this vulnerability?
To exploit the vulnerability, an attacker who has physical access or Administrative rights to a target device could install an affected boot policy.
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
FAQ: Are there additional steps I need to take to be protected from this vulnerability?
The security update addresses
CVEList
Secure Boot Security Feature Bypass Vulnerability
cvelistv5·2023-05-09·CVSS 6.7
CVE-2023-24932 [MEDIUM] Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
VulnCheck
Secure Boot Security Feature Bypass Vulnerability
vulncheck·2023·CVSS 6.7
CVE-2023-24932 [MEDIUM] Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
Affected: Microsoft Windows
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://msrc.microsoft.com/blog/2023/05/guidance-related-to-secure-boot-manager-changes-associated-with-cve-2023-24932/; https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2023-May; https://securelist.com/it-threat-evolution-q2-2023-non-mobile-statistics/110413/; https://go.recordedfuture.com/hubfs/reports/ta-2024-0321.pdf; https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df
VulnCheck
Secure Boot Security Feature Bypass
vulncheck·2022·CVSS 4.4
CVE-2022-21894 [MEDIUM] Secure Boot Security Feature Bypass
Secure Boot Security Feature Bypass
Secure Boot Security Feature Bypass Vulnerability
Affected: Microsoft Windows
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/; https://www.binarly.io/blog/the-untold-story-of-the-blacklotus-uefi-bootkit; https://cisa.gov/news-events/alerts/2023/04/11/microsoft-releases-guidance-for-the-blacklotus-campaign; https://www.microsoft.com/en-us/security/blog/2023/04/11/guidance-for-investigating-attacks-using-cve-2022-21894-the-blacklotus-campaign; https://msrc.microsoft.com/blog/2023/05/guidance-related-to-secure-boot-manager-changes-associated-
No detection rules found.
No public exploits indexed.
Hackernews
China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth
blogs_hackernews·2026-06-16
CVE-2023-24932 China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth
Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS .
"The Windows variants discovered are internally marked as WIN_DRV and WIN_PLUS," ESET said in a report shared with The Hacker News. "Both come with a hard-coded C&C [command-and-control] configuration and support communication over TCP, UDP, and WebSocket protocols."
Like its Linux counterpart, the Windows versions support more than 30 commands to facilitate system information collection, process en
Bleepingcomputer
Windows version of SprySOCKS Linux malware used to attack govt orgs
blogs_bleepingcomputer·2026-06-16
CVE-2023-24932 Windows version of SprySOCKS Linux malware used to attack govt orgs
## Windows version of SprySOCKS Linux malware used to attack govt orgs
## Bill Toulas
Windows variants for the SprySOCKS Linux malware have been used in attacks targeting government organizations in at least four countries.
SprySOCKS has been linked to the Chinese threat group ‘Earth Lusca,’ which deployed it in attacks against government entities focused on foreign affairs, technology, and telecommunications.
Now, ESET researchers discovered Windows variants of the same malware family that were used between 2023 and 2024 in attacks on government organizations in Taiwan, Thailand, Pakistan, and Honduras.
ESET attributes the activity with high confidence to the Earth Lusca threat actor, which they track as ‘FishMonger’ (also ‘Aquatic Panda,’ ‘Red Dev 10,’ and TAG-22).
Unlike the previ
Krebs
Patch Tuesday, January 2026 Edition
blogs_krebs·2026-01-14·CVSS 5.5
CVE-2026-20805 [MEDIUM] Patch Tuesday, January 2026 Edition
Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft’s most-dire “critical” rating, and the company warns that attackers are already exploiting one of the bugs fixed today.
January’s Microsoft zero-day flaw — CVE-2026-20805 — is brought to us by a flaw in the Desktop Window Manager (DWM), a key component of Windows that organizes windows on a user’s screen. Kev Breen , senior director of cyber threat research at Immersive , said despite awarding CVE-2026-20805 a middling CVSS score of 5.5, Microsoft has confirmed its active exploitation in the wild, indicating that threat actors are already leveraging this flaw against organizations.
Breen said vulnerabilities of t
Krebs
Patch Tuesday, January 2026 Edition
blogs_krebs·2026-01-13·CVSS 5.5
CVE-2026-20805 [MEDIUM] Patch Tuesday, January 2026 Edition
Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft’s most-dire “critical” rating, and the company warns that attackers are already exploiting one of the bugs fixed today.
January’s Microsoft zero-day flaw — CVE-2026-20805 — is brought to us by a flaw in the Desktop Window Manager (DWM), a key component of Windows that organizes windows on a user’s screen. Kev Breen, senior director of cyber threat research at Immersive, said despite awarding CVE-2026-20805 a middling CVSS score of 5.5, Microsoft has confirmed its active exploitation in the wild, indicating that threat actors are already leveraging this flaw against organizations.
Breen said vulnerabilities of thi
Bleepingcomputer
New Microsoft script updates Windows media with bootkit malware fixes
blogs_bleepingcomputer·2025-02-05·CVSS 6.7
[MEDIUM] New Microsoft script updates Windows media with bootkit malware fixes
## New Microsoft script updates Windows media with bootkit malware fixes
## Lawrence Abrams
However, this fix is disabled by default, as incorrectly applying the update or conflicts on devices could cause the operating system to no longer load. Instead, rolling out the fix in stages allows Windows admins to test it before it is enforced sometime before 2026.
When enabled, the security update will add the "Windows UEFI CA 2023" certificate to the UEFI "Secure Boot Signature Database." Admins can then install newer boot managers that are signed with this certificate.
This process also includes updating the Secure Boot Forbidden Signature Database (DBX) to add the "Windows Production CA 2011" certificate. This certificate is used to sign older, vulnerable boot managers, and once revoked,
Tenable
Microsoft’s April 2024 Patch Tuesday Addresses 147 CVEs (CVE-2024-29988)
blogs_tenable·2024-04-09·CVSS 8.8
[HIGH] Microsoft’s April 2024 Patch Tuesday Addresses 147 CVEs (CVE-2024-29988)
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
Microsoft Patch Tuesday 2023 Year in Review
blogs_tenable·2023-12-12
Microsoft Patch Tuesday 2023 Year in Review
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Securelist
IT threat evolution in Q2 2023. Non-mobile statistics
blogs_securelist·2023-08-30
IT threat evolution in Q2 2023. Non-mobile statistics
Table of Contents
Quarterly figures
Financial threats
Financial threat statistics
Geography of financial malware attacks
Ransomware programs
Quarterly trends and highlights
MOVEit Transfer vulnerabilities exploited
Attacks on municipal organizations, educational and healthcare establishments
Most prolific groups
Number of new modifications
Number of users attacked by ransomware Trojans
Geography of attacked users
TOP 10 most common families of ransomware Trojans
Miners
Number of new miner modifications
Number of users attacked by miners
Geography of miner attacks
Vulnerable applications used by criminals during cyberattacks
Quarterly highlights
Vulnerability statistics
Attacks on macOS
Geography of threats for macOS
IoT attacks
IoT threat statistics
Attacks on IoT
Securelist
PC malware statistics, Q2 2022
blogs_securelist·2023-08-30
PC malware statistics, Q2 2022
Table of Contents
- Quarterly figures
- Financial threats
- Ransomware programs
- Most prolific groups
- Miners
- Vulnerable applications used by criminals during cyberattacks
- Attacks on macOS
- IoT attacks
- Attacks on IoT honeypots
- Attacks via web resources
- Local threats
Authors
- AMR
- IT threat evolution in Q2 2023
- IT threat evolution in Q2 2023. Non-mobile statistics
- IT threat evolution in Q2 2023. Mobile statistics
These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data.
## Quarterly figures
According to Kaspersky Security Network, in Q2 2023:
- Kaspersky solutions blocked 801,934,281 attacks from online resources across the globe.
- A total of 209,716,810 unique links were d
Talos
Threat Source newsletter (May 11, 2023) — So much for that ransomware decline
blogs_talos·2023-05-11
Threat Source newsletter (May 11, 2023) — So much for that ransomware decline
## Threat Source newsletter (May 11, 2023) — So much for that ransomware decline
Welcome to this week’s edition of the Threat Source newsletter.
I wrote a few weeks ago about how, between the public and private sectors, the security community was making some strides in fighting back against ransomware.
Reports indicate that revenue for ransomware actors was down in 2022, and recent disruptions to larger ransomware networks like Hive have at least forced some actors offline for now.
It seems like if you were to survey various cybersecurity researchers, thought leaders and policymakers, there is a mixed consensus on whether ransomware is still the biggest problem defenders still face today.
The White House and U.S. Department of Justice seem bullish on their efforts to shut down ransomw
Talos
Threat Source newsletter (May 11, 2023) — So much for that ransomware decline
blogs_talos·2023-05-11
Threat Source newsletter (May 11, 2023) — So much for that ransomware decline
Welcome to this week’s edition of the Threat Source newsletter.
I wrote a few weeks ago about how, between the public and private sectors, the security community was making some strides in fighting back against ransomware.
Reports indicate that revenue for ransomware actors was down in 2022, and recent disruptions to larger ransomware networks like Hive have at least forced some actors offline for now.
It seems like if you were to survey various cybersecurity researchers, thought leaders and policymakers, there is a mixed consensus on whether ransomware is still the biggest problem defenders still face today.
The White House and U.S. Department of Justice seem bullish on their efforts to shut down ransomware gangs and dark web sites.
But recently, I’ve noticed that ransomware is still
Krebs
Microsoft Patch Tuesday, May 2023 Edition
blogs_krebs·2023-05-10·CVSS 6.7
CVE-2023-29336 [MEDIUM] Microsoft Patch Tuesday, May 2023 Edition
Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks.
First up in May’s zero-day flaws is CVE-2023-29336 , which is an “elevation of privilege” weakness in Windows which has a low attack complexity, requires low privileges, and no user interaction. However, as the SANS Internet Storm Center points out , the attack vector for this bug is local.
“Local Privilege escalation vulnerabilities are a key part of attackers’ objectives,” said Kevin Breen , director of cyber threat research at Immersive Labs . “Once they gain initial access they will seek administrative or SYSTEM-level permissions. This can allow th
Krebs
Microsoft Patch Tuesday, May 2023 Edition
blogs_krebs·2023-05-10·CVSS 6.7
CVE-2023-29336 [MEDIUM] Microsoft Patch Tuesday, May 2023 Edition
Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks.
First up in May’s zero-day flaws is CVE-2023-29336, which is an “elevation of privilege” weakness in Windows which has a low attack complexity, requires low privileges, and no user interaction. However, as the SANS Internet Storm Center points out, the attack vector for this bug is local.
“Local Privilege escalation vulnerabilities are a key part of attackers’ objectives,” said Kevin Breen, director of cyber threat research at Immersive Labs. “Once they gain initial access they will seek administrative or SYSTEM-level permissions. This can allow the at
Qualys
Microsoft and Adobe Patch Tuesday, May 2023 Security Update Review
blogs_qualys·2023-05-09
Microsoft and Adobe Patch Tuesday, May 2023 Security Update Review
## Table of Contents
Microsoft Patch Tuesday for May 2023
Adobe Patches for May 2023
Zero-day Vulnerabilities Patched in May Patch Tuesday Edition
Other Critical Severity Vulnerabilities Patched in May Patch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
Rapid Response with Patch Management (PM)
EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
EXECUTE Mitigation Using Qualys Custom Assessment and Remediation (CAR)
Qualys Monthly Webinar Series
This Month in Vulnerabilities & Patches
Microsoft has addressed 49 vulnerabilities in its May Patch Tuesday edition. The security advisories cover various vulnerabilities in different produc
Qualys
Microsoft Patch Tuesday, May 2023 Security Update Review | Qualys
blogs_qualys·2023-05-09
Microsoft Patch Tuesday, May 2023 Security Update Review | Qualys
#### Table of Contents
- Microsoft Patch Tuesday for May 2023
- Adobe Patches for May 2023
- Zero-day Vulnerabilities Patched in May Patch Tuesday Edition
- Other Critical Severity Vulnerabilities Patched in May Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
- Rapid Response with Patch Management (PM)
- EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
- EXECUTE Mitigation Using Qualys Custom Assessment and Remediation (CAR)
- Qualys Monthly Webinar Series
- This Month in Vulnerabilities & Patches
Microsoft has addressed 49 vulnerabilities in its May Patch Tuesday edition. The security advisories cover various vulnerabilities in d
Tenable
Microsoft’s May 2023 Patch Tuesday Addresses 38 CVEs (CVE-2023-29336)
blogs_tenable·2023-05-09·CVSS 7.8
[HIGH] Microsoft’s May 2023 Patch Tuesday Addresses 38 CVEs (CVE-2023-29336)
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Crowdstrike
May 2023 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] May 2023 Patch Tuesday: Updates and Analysis
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VI
Huntress
CVE-2023-24932 (Secure Boot Bypass) Vulnerability: Analysis, Impact, Mitigation | Huntress
blogs_huntress·CVSS 6.7
CVE-2023-24932 [MEDIUM] CVE-2023-24932 (Secure Boot Bypass) Vulnerability: Analysis, Impact, Mitigation | Huntress
CVE-2023-24932 Vulnerability
Published: 01/20/2026
Written by: Nadine Rozell
## What is CVE-2023-24932 vulnerability?
CVE-2023-24932 is a critical security feature bypass vulnerability in the Windows Boot Manager.
It allows an attacker with administrator privileges or physical access to bypass Secure Boot protections. By exploiting this flaw, attackers can execute untrusted software during the boot process, establishing persistence at the firmware level that is invisible to traditional antivirus and EDR solutions. It is famously associated with the BlackLotus UEFI bootkit .
## When was it discovered?
CVE-2023-24932 was publicly disclosed by Microsoft on May 9, 2023 , following investigations into the BlackLotus bootkit active in the wild.
While patches were released immediately, Mi
2023-05-09
Published
Exploited in the wild