<< Back
CVE Number Vulnerability Product Severity Date
MS16-140 Security Update for Boot Manager (3193479) Windows 8.1 Important 09-11-2016

Technical Information

Brief overview of the risk:
The vulnerability could allow security feature bypass if a physically-present attacker installs an affected boot policy.

Detailed Information on the risk:

A security feature bypass vulnerability exists when Windows Secure Boot improperly loads a boot policy that is affected by the vulnerability. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device.
The security update addresses the vulnerability by revoking affected boot policies in the firmware. The revocation protection level depends upon platform firmware

Further information on this exploit is available at : MS16-140

Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012
Windows Server 2012 R2
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016 for x64-based Systems
Windows Server 2012
Windows Server 2012 R2

Affected Software

Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012
Windows Server 2012 R2
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016 for x64-based Systems
Windows Server 2012
Windows Server 2012 R2