Niels Ferguson

**Name of the Vulnerable Software and Affected Versions** Windows Server 2016 Windows 10 Windows 10 Servers **Description** A security feature bypass issue exists due to the Windows Hyper-V BIOS loader's failure to provide a high-entropy source. This allows a remote attacker to bypass built-in security restrictions. **Recommendations** For Windows Server 2016, Windows 10, and Windows 10 Servers, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dual Elliptic Curve Deterministic Random Bit Generation (Dual EC DRBG) algorithm (affected versions not specified) **Description** The Dual Elliptic Curve Deterministic Random Bit Generation algorithm contains point Q constants that may have a relationship to certain "skeleton key" values. This could allow attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.