PT-2021-2011 · Kaspersky · Kaspersky Rescue Disk +1

Published 2021-02-17 · Updated 2021-07-21 · CVE-2020-26200

CVSS v2.0: 4.9
Vector: AV:N/AC:H/Au:S/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions:

Kaspersky Endpoint Security (affected versions not specified)

Kaspersky Rescue Disk (affected versions not specified)

Description:

A component of the Kaspersky custom boot loader allowed untrusted UEFI modules to be loaded because their authenticity was insufficiently checked. This issue allowed the UEFI Secure Boot security feature to be bypassed. To exploit it, an attacker would need physical access to the computer, or local administrator privileges to modify the boot loader component.

Recommendations:

For Kaspersky Endpoint Security, consider restricting access to the boot loader component until a patch is available.

For Kaspersky Rescue Disk, avoid using it until the issue is resolved.

As a temporary workaround, consider disabling the custom boot loader component in both Kaspersky Endpoint Security and Kaspersky Rescue Disk to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Insufficient Verification of Data Authenticity

Weakness Enumeration

Related Identifiers

BDU:2021-00847
CVE-2020-26200

Affected Products

Kaspersky Endpoint Security
Kaspersky Rescue Disk