CVE-2016-7247 : Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow physically proximate attackers to bypass the Secure Boot protection mechanism via a crafted boot policy, aka "Secure Boot Component Vulnerability."

Published 2016-11-10 07:00:01

Updated 2018-10-12 22:14:24

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2016-7247

Microsoft » Windows Server 2012 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8.1
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Rt 8.1
cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: N/A
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1511
cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1607
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-7247

EPSS FAQ

0.27%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 64 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-7247

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE ids for CVE-2016-7247

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-7247

http://www.securitytracker.com/id/1037255

Microsoft Windows Secure Boot Flaw Lets Physically Local Users Bypass Security Restrictions - SecurityTracker
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-140

Microsoft Security Bulletin MS16-140 - Important | Microsoft Docs
http://www.securityfocus.com/bid/94058

Microsoft Windows Boot Manager CVE-2016-7247 Local Security Bypass Vulnerability
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05340049

HP Support for Technical Help and Troubleshooting | HP® Customer Service.

Jump to

Vulnerability Details : CVE-2016-7247

Products affected by CVE-2016-7247

Exploit prediction scoring system (EPSS) score for CVE-2016-7247

CVSS scores for CVE-2016-7247

CWE ids for CVE-2016-7247

References for CVE-2016-7247