CVE-2024-26184
published 2024-07-09CVE-2024-26184: Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability
medium6.8CVSS 3.1
AVAACHPRLUIRSUCHIHAH
EPSS
0.96%
56.8th percentile
Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.4651 | 10.0.19044.4651 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.4651 | 10.0.19045.4651 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.3079 | 10.0.22000.3079 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.3880 | 10.0.22621.3880 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.3880 | 10.0.22631.3880 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.3880 | 10.0.22631.3880 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.2582 | 10.0.20348.2582 |
| msrc | windows_10_version_21h2_for_32-bit_systems | — | — |
| msrc | windows_10_version_21h2_for_arm64-based_systems | — | — |
| msrc | windows_10_version_21h2_for_x64-based_systems | — | — |
| msrc | windows_10_version_22h2_for_32-bit_systems | — | — |
| msrc | windows_10_version_22h2_for_arm64-based_systems | — | — |
| msrc | windows_10_version_22h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_21h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_21h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_22h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_22h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_23h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_23h2_for_x64-based_systems | — | — |
| msrc | windows_server_2022 | — | — |
| msrc | windows_server_2022_23h2_edition | — | — |
CVSS provenance
nvdv3.16.8MEDIUMCVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
cvelistv56.8MEDIUM
vendor_msrc6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CVEList
Secure Boot Security Feature Bypass Vulnerability
cvelistv5·2024-07-09·CVSS 6.8
CVE-2024-26184 [MEDIUM] CWE-190 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
Microsoft
Secure Boot Security Feature Bypass Vulnerability
vendor_msrc·2024-07-09·CVSS 6.8
CVE-2024-26184 [MEDIUM] CWE-190 Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An authenticated attacker could exploit this vulnerability with LAN access.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.
FAQ: How could an attacker successfully exploit this vulnerability?
To exploit the vulnerability, an attacker who has physical access or Administrative rights to a target device could install a malicious .bcd file.
FAQ: What kind of s
No detection rules found.
No public exploits indexed.
Trendmicro
The July 2024 Security Update Review
blogs_trendmicro·2024-07-09
The July 2024 Security Update Review
## The July 2024 Security Update Review
Get the July 2024 security update and review.
By: Dustin Childs 2024/07/09 Read time: ( words)
Save to Folio
We’re just past the halfway point of 2024, and as expected, Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Adobe Patches for July 2024
For July, Adobe released three patches addressing seven CVEs in Adobe Premiere Pro, InDesign, and Adobe Bridge. The patch for InDesign is the largest, fixing four Critical-rated CVEs. All four could lead to arbitrary code execution. The fix for Premiere Pro fixes a single CVE
Trendmicro
The July 2024 Security Update Review
blogs_trendmicro·2024-07-09
The July 2024 Security Update Review
# The July 2024 Security Update Review
Get the July 2024 security update and review.
By: Dustin Childs
2024/07/09
Read time: ( words)
Save to Folio
We’re just past the halfway point of 2024, and as expected, Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Adobe Patches for July 2024
For July, Adobe released three patches addressing seven CVEs in Adobe Premiere Pro, InDesign, and Adobe Bridge. The patch for InDesign is the largest, fixing four Critical-rated CVEs. All four could lead to arbitrary code execution. The fix for Premiere Pro fixes a single CVE
2024-07-09
Published