CVE-2016-3287

MEDIUM

Microsoft Windows 10 - Security Feature Bypass

Title source: rule

Description

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Secure Boot protection mechanism by leveraging administrative access to install a crafted policy, aka "Secure Boot Security Feature Bypass."

References (3)

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036290

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-094

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/91604

Scores

CVSS v3 4.4

EPSS 0.0015

EPSS Percentile 36.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-254

Status draft

Affected Products (6)

microsoft/windows_10

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2012

Timeline

Published Jul 13, 2016

Tracked Since Feb 18, 2026