CVE-2015-2552 : The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10

The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows physically proximate attackers to bypass the Trusted Boot protection mechanism, and consequently interfere with the integrity of code, BitLocker, Device Encryption, and Device Health Attestation, via a crafted Boot Configuration Data (BCD) setting, aka "Trusted Boot Security Feature Bypass Vulnerability."

Published 2015-10-14 01:59:07

Updated 2019-05-15 18:56:32

Source Microsoft Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2015-2552

Probability of exploitation activity in the next 30 days: 0.11%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 43 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-2552

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2015-2552

CWE-254

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-2552

http://packetstormsecurity.com/files/133962/Microsoft-Trusted-Boot-Security-Feature-Bypass.html

Microsoft Trusted Boot Security Feature Bypass ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-111

Microsoft Security Bulletin MS15-111 - Important | Microsoft Docs
Patch;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/archive/1/536678/100/0/threaded

SecurityFocus
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1033805

Windows Kernel Flaws Let Local Users Gain System Privileges and Bypass Windows Trusted Boot Policy - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url

Products affected by CVE-2015-2552

Microsoft » Windows Vista » Version: N/A Update SP2
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: N/A Update SP2
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: R2 Update SP1 For Itanium
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
Matching versions
Microsoft » Windows Server 2008 » Version: R2 Update SP1 For X64
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 7 » Version: N/A Update SP1
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8 » Version: N/A
cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Rt » Version: N/A
cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8.1 » Version: N/A
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Rt 8.1 » Version: N/A
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: N/A
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2015-2552

Exploit prediction scoring system (EPSS) score for CVE-2015-2552

CVSS scores for CVE-2015-2552

CWE ids for CVE-2015-2552

References for CVE-2015-2552

Products affected by CVE-2015-2552