CVE-2016-3320

MEDIUM

Microsoft Windows 10 - Security Feature Bypass

Title source: rule

Description

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot manager, aka "Secure Boot Security Feature Bypass."

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92304

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036573

[Patch, Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-100

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVB6Y2TVKSOBTIIBRUAJUIH3LQHMHCAG/

Scores

CVSS v3 4.9

EPSS 0.1046

EPSS Percentile 93.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-254

Status draft

Affected Products (7)

microsoft/windows_10

microsoft/windows_10

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2012

microsoft/windows_server_2012

fedoraproject/fedora

Timeline

Published Aug 09, 2016

Tracked Since Feb 18, 2026