CVE-2016-3320 : Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Wind

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot manager, aka "Secure Boot Security Feature Bypass."

Published 2016-08-09 21:59:28

Updated 2025-04-12 10:46:41

Source Microsoft Corporation

View at NVD, CVE.org

Products affected by CVE-2016-3320

Microsoft » Windows Server 2012 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8.1 » Version: N/A
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Rt 8.1 » Version: N/A
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: N/A
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1511
cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 25
cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-3320

EPSS FAQ

13.01%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 93 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-3320

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:P/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
4.9	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N	1.2	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE ids for CVE-2016-3320

CWE-254

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-3320

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVB6Y2TVKSOBTIIBRUAJUIH3LQHMHCAG/
http://www.securitytracker.com/id/1036573

Microsoft Windows Secure Boot Bug in Loading Boot Managers Lets Local Users - SecurityTracker
Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/92304

Microsoft Windows CVE-2016-3320 Local Security Bypass Vulnerability
Third Party Advisory;VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-100

Microsoft Security Bulletin MS16-100 - Important | Microsoft Docs
Patch;Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MVB6Y2TVKSOBTIIBRUAJUIH3LQHMHCAG/

[SECURITY] Fedora 25 Update: dbxtool-7-2.fc25 - package-announce - Fedora Mailing-Lists
Mailing List;Release Notes;Third Party Advisory

Jump to

Vulnerability Details : CVE-2016-3320

Products affected by CVE-2016-3320

Exploit prediction scoring system (EPSS) score for CVE-2016-3320

CVSS scores for CVE-2016-3320

CWE ids for CVE-2016-3320

References for CVE-2016-3320