Impact
The vulnerability stems from Windows Secure Boot relying on a component that cannot be updated, a CWE‑1329 weakness (reliance on a component that is not updateable); an attacker with authorized local access can use it to subvert the Secure Boot security feature. As a result, the integrity checks performed during system boot can be bypassed, allowing unsigned or malicious code to execute during startup. The flaw does not directly expose remote code execution, but it enables local privilege escalation through the compromised boot process, potentially compromising the confidentiality, integrity, and availability of the system.
Affected Systems
Microsoft Windows 10 versions 1809, 21H2, and 22H2; Microsoft Windows 11 versions 23H2, 24H2, 25H2, and 26H1; Microsoft Windows Server 2019, 2022, 2025, and the 23H2 edition. All 32‑bit and 64‑bit builds, including Server Core installations, are affected as listed by the CNA.
Risk and Exploitability
The CVSS score of 6.7 indicates moderate severity. The EPSS score of 1% indicates a very low but non‑zero exploitation probability, so exploitation in the wild cannot be considered frequent, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is local: an authorized user who can run privileged processes on the machine would need to exploit the flaw. No additional exploitation prerequisites are described in the available data.
OpenCVE Enrichment