漏洞信息
A security feature bypass vulnerability exists when Windows Secure Boot improperly loads a boot manager that is affected by the vulnerability. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device. Furthermore, the attacker could bypass Secure Boot Integrity Validation for BitLocker and Device Encryption security features. The security update addresses the vulnerability by blacklisting affected boot managers.
This security update is rated Important for all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
漏洞危害
Successful exploitation allows an attacker who has gained administrative privileges or who has physical access to a target device could install an affected boot manager.
解决方案
Customers are advised to refer to MS16-100 for more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
MS16-100: Windows 8.1 for 32-bit Systems
MS16-100: Windows 8.1 for x64-based Systems
MS16-100: Windows Server 2012 R2
MS16-100: Windows 10 for 32-bit Systems
MS16-100: Windows 10 for x64-based Systems
www.0daybank.org
文章评论