CVE-2023-24932

MEDIUM EXPLOITED IN THE WILD

Windows 10 1507-22H2 and Windows 11 21H2-22H2 - Secure Boot Security Feature Bypass

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2023-24932 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 3 public exploits from researchers including ajf8729, helleflo1312, v1ckxy.

AI-analyzed exploit summary This repository contains PowerShell scripts for remediating CVE-2023-24932 (BlackLotus UEFI bootkit vulnerability) by updating Secure Boot certificates and the Boot Manager. It includes detailed logging and verification steps but does not exploit the vulnerability.

Description

Secure Boot Security Feature Bypass Vulnerability

Exploits (3)

nomisec WRITEUP 6 stars
by ajf8729 · poc
https://github.com/ajf8729/BlackLotus

This repository contains PowerShell scripts for remediating CVE-2023-24932 (BlackLotus UEFI bootkit vulnerability) by updating Secure Boot certificates and the Boot Manager. It includes detailed logging and verification steps but does not exploit the vulnerability.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Windows Secure Boot (UEFI)
Auth required
Prerequisites: Administrative privileges · UEFI Secure Boot enabled
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 1 stars
by helleflo1312 · poc
https://github.com/helleflo1312/Orchestrated-Powershell-for-CVE-2023-24932

This PowerShell script automates the mitigation process for CVE-2023-24932, a Secure Boot vulnerability, by orchestrating multiple steps including registry updates, reboots, and checks for BitLocker and Windows updates. It ensures persistence across reboots using RunOnce registry entries and logs progress to a file.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Windows Secure Boot (UEFI)
Auth required
Prerequisites: Administrator privileges · Secure Boot enabled · UEFI system
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by v1ckxy · poc
https://github.com/v1ckxy/Orchestrated-Powershell-for-CVE-2023-24932-en

This PowerShell script automates the exploitation of CVE-2023-24932, a Secure Boot bypass vulnerability, by orchestrating multiple steps involving registry modifications, system reboots, and Secure Boot updates. It includes checks for BitLocker, TPM version, and Windows updates, ensuring the system is in a vulnerable state before proceeding with the exploit.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Complex
Reliability
Reliable
Target: Windows Secure Boot (UEFI)
Auth required
Prerequisites: Administrator privileges · Secure Boot enabled · UEFI system · Windows updates post-July 2024
devstral-2 · analyzed Mar 02, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 6.7
EPSS 0.1056
EPSS Percentile 95.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

VulnCheck KEV 2023-05-09
InTheWild.io 2023-05-09
CWE
CWE-863
Status published
Products (15)
microsoft/windows_10_1507 < 10.0.10240.19926
microsoft/windows_10_1607 < 10.0.14393.5921
microsoft/windows_10_1809 < 10.0.17763.4377
microsoft/windows_10_20h2 < 10.0.19042.2965
microsoft/windows_10_21h2 < 10.0.19044.2965
microsoft/windows_10_22h2 < 10.0.19045.2965
microsoft/windows_11_21h2 < 10.0.22000.1936
microsoft/windows_11_22h2 < 10.0.22000.1702
microsoft/windows_server_2008
microsoft/windows_server_2008 r2 sp1
... and 5 more
Published May 09, 2023
Tracked Since Feb 18, 2026