PT-2015-2323 · Microsoft · Windows 10+8

Published: 2015-10-13 · Updated: 2019-05-15 · CVE-2015-2552

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Windows versions 8 through 10
Microsoft Windows Server versions 2012 through 2012 R2
Microsoft Windows RT versions 8 through 8.1

Description

The issue allows physically proximate attackers to bypass the Trusted Boot protection mechanism, interfering with the integrity of code, BitLocker, Device Encryption, and Device Health Attestation. This is achieved via a crafted Boot Configuration Data (BCD) setting. An attacker who successfully exploits this issue could disable code integrity checks, allowing test-signed executables and drivers to be loaded on a target device. Furthermore, an attacker could bypass Trusted Boot integrity validation for BitLocker and Device Encryption security features.

Recommendations

For Microsoft Windows versions 8 through 10, update the system to enforce the Windows Trusted Boot policy properly. For Microsoft Windows Server versions 2012 through 2012 R2, ensure that the Boot Configuration Data (BCD) settings are properly configured to prevent exploitation. For Microsoft Windows RT versions 8 through 8.1, restrict access to the BCD settings to minimize the risk of exploitation. As a temporary workaround, consider disabling the test-signed executables and drivers until a patch is available. Restrict access to the BitLocker and Device Encryption security features to minimize the risk of exploitation.

Related Identifiers

BDU:2015-11688
CVE-2015-2552

Affected Products

BitLocker
Device Encryption
Windows
Windows 10
Windows 8
Windows RT 8
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2