CVE-2023-24932

MEDIUM EXPLOITED IN THE WILD

Secure Boot - Privilege Escalation

Title source: llm

Description

Secure Boot Security Feature Bypass Vulnerability

Exploits (3)

nomisec WRITEUP 6 stars

by ajf8729 · poc

https://github.com/ajf8729/BlackLotus

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by helleflo1312 · poc

https://github.com/helleflo1312/Orchestrated-Powershell-for-CVE-2023-24932

View Code ZIP pw:eip

nomisec WORKING POC

by v1ckxy · poc

https://github.com/v1ckxy/Orchestrated-Powershell-for-CVE-2023-24932-en

View Code ZIP pw:eip

References (1)

[Patch, Vendor Advisory] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932

Scores

CVSS v3 6.7

EPSS 0.0058

EPSS Percentile 69.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-05-09

InTheWild.io 2023-05-09

CWE

CWE-863

Status published

Products (15)

microsoft/windows_10_1507 < 10.0.10240.19926

microsoft/windows_10_1607 < 10.0.14393.5921

microsoft/windows_10_1809 < 10.0.17763.4377

microsoft/windows_10_20h2 < 10.0.19042.2965

microsoft/windows_10_21h2 < 10.0.19044.2965

microsoft/windows_10_22h2 < 10.0.19045.2965

microsoft/windows_11_21h2 < 10.0.22000.1936

microsoft/windows_11_22h2 < 10.0.22000.1702

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 sp1

... and 5 more

Published May 09, 2023

Tracked Since Feb 18, 2026