Impact
Windows Secure Boot relies on cryptographic signing to accept only trusted boot components. The vulnerability, classified as a protection mechanism failure, allows a local, authorized attacker to bypass that restriction. With Secure Boot neutralized, an attacker can load unsigned or malicious code during system startup, potentially gaining persistent control and undermining the integrity of the operating system. Because trusted boot enforcement is removed, the flaw compromises confidentiality, integrity, and availability, enabling execution of arbitrary code with the highest privileges the local user may possess.
Affected Systems
The flaw affects a broad set of Microsoft Windows operating systems. Client editions include Windows 10 versions 1607, 1809, 21H2, and 22H2, as well as Windows 11 versions 23H2, 24H2, 25H2, and 26H1. Server editions impacted are Windows Server 2012 and 2012 R2 (both full and Server Core installations), Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2025. All listed versions are affected on the common processor architectures (x86, x64, and ARM64) enumerated in the associated CPE entries.
Risk and Exploitability
The CVSS score of 7.9 categorizes this flaw as high severity. No exploit probability score is currently available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The attack vector is local and requires an authorized attacker, which in practice means an operating-system administrator or a user with elevated privileges who can execute or modify local boot configuration. The bypass is achieved by manipulating boot-related components or configuration files that Secure Boot normally protects. Because the flaw sits at the root of the boot integrity chain, successful exploitation can enable kernel-level persistence and full system compromise, so detection should focus on unexpected changes to Secure Boot state and boot configuration on hosts running an affected release.
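The following triage script is an added example and is not code from the advisory, from OpenCVE, or from Microsoft. It reports the running Windows release, whether that release appears in the affected list given above, whether Secure Boot is currently being enforced by firmware, and the most recently installed updates. It assumes an elevated PowerShell session on a UEFI host; the affected-release patterns are copied from the text of this page, and the host is treated as "review needed" rather than "vulnerable", since the page carries no update identifiers to check against.

```powershell
# Added triage script (not from the advisory or the vendor): determine whether this host
# is on a release listed as affected and whether Secure Boot is still enforced.
# Assumes: elevated session, UEFI firmware. Affected releases copied from the advisory text.

# Client releases named on the page (Windows 10 and Windows 11 share the DisplayVersion key).
$affectedClientReleases = @('1607', '1809', '21H2', '22H2', '23H2', '24H2', '25H2', '26H1')
# Server product names on the page, matched against the ProductName registry value.
$affectedServerPattern  = '^Windows Server (2012( R2)?|2016|2019|2022|2025)\b'

$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$productName = $cv.ProductName
# DisplayVersion exists from Windows 10 20H2 onward; earlier builds only expose ReleaseId.
$release = if ($cv.PSObject.Properties['DisplayVersion']) { $cv.DisplayVersion } else { $cv.ReleaseId }

$isServer = $productName -match '^Windows Server'
$onAffectedRelease = if ($isServer) {
    $productName -match $affectedServerPattern
} else {
    # Windows 11 still reports "Windows 10" in ProductName, so rely on the release string.
    $affectedClientReleases -contains $release
}

# Confirm-SecureBootUEFI returns $true only when Secure Boot is enforced; it throws on
# legacy BIOS systems and when the session is not elevated.
try {
    $secureBootEnforced = Confirm-SecureBootUEFI
} catch {
    $secureBootEnforced = $null   # unknown: BIOS/CSM boot or insufficient privilege
}

# Recent updates, so an analyst can compare against the vendor's fix once it is published.
$recentUpdates = Get-HotFix |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 5 -Property HotFixID, InstalledOn

$status = if (-not $onAffectedRelease) { 'not on a listed release' }
          elseif ($secureBootEnforced -eq $false) { 'REVIEW: affected release and Secure Boot is OFF' }
          elseif ($null -eq $secureBootEnforced) { 'REVIEW: affected release, Secure Boot state unknown' }
          else { 'REVIEW: affected release, Secure Boot currently enforced; verify patch level' }

[PSCustomObject]@{
    ComputerName       = $env:COMPUTERNAME
    ProductName        = $productName
    Release            = $release
    OnAffectedRelease  = $onAffectedRelease
    SecureBootEnforced = $secureBootEnforced
    Status             = $status
    RecentUpdates      = ($recentUpdates | ForEach-Object { "$($_.HotFixID)@$($_.InstalledOn.ToString('yyyy-MM-dd'))" }) -join ', '
}
```

Run it from an elevated prompt on each candidate host (or wrap it in Invoke-Command for fleet-wide collection) and keep the output as a baseline: a later run that shows SecureBootEnforced changing from $true to $false on a host nobody reconfigured is exactly the change the Risk section says to watch for.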
OpenCVE Enrichment