A failure in the protection mechanism that enforces Secure Boot on Windows allows an attacker who can execute code locally to bypass the Secure Boot security feature, effectively turning the system into an unprotected platform. Because the attacker can load unsigned or tampered boot firmware, the attack allows a user with local privileges to compromise the integrity of the operating system without being detected by the firmware security checks. The weakness is identified as a failure in the integrity protection of the firmware lock state (CWE‑693).

Microsoft Windows 10 (Version 1607, 1809, 21H2, 22H2), Microsoft Windows 11 (Version 23H2, 24H2, 25H2, 26H1), Microsoft Windows Server 2012, 2012 R2, 2016, 2019, 2022, and 2025 (both normal and Server Core installations) are impacted. The affected builds include both 32‑bit and 64‑bit architectures, as well as ARM64 for certain versions. The vulnerability applies to all listed Windows releases where Secure Boot is enabled and the firmware permits boot from signed binaries.

The CVSS score for the vulnerability is 7.9, indicating a high risk for local attackers. No EPSS score is currently available, so the exact likelihood of exploitation is uncertain, but the feature bypass can be achieved by a user with valid local privileges or physical access. The vulnerability is not yet listed in the CISA KEV catalog, meaning no known exploited, mass‑disrupted attacks have been reported. Given the local nature of the attack vector, the impact is largely confined to systems that allow an attacker to install or load malicious firmware or bootloaders, possibly leading to full compromise of the machine and loss of system integrity.