CVE-2024-37976

MEDIUM

Windows 10/11, Server 2012 Security Feature Bypass via Resume EFI

Title source: llm

Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability

Core 1

Core References

Patch, Vendor Advisory vendor-advisory

CVSS v3 6.7

EPSS 0.0090

EPSS Percentile 75.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

CWE

CWE-190

Status published

Products (15)

microsoft/windows_10_1507 < 10.0.10240.20796 (2 CPE variants)

microsoft/windows_10_1607 < 10.0.14393.7428 (2 CPE variants)

microsoft/windows_10_1809 < 10.0.17763.6414

microsoft/windows_10_21h2 < 10.0.19044.5011

microsoft/windows_10_22h2 < 10.0.19045.5011

microsoft/windows_11_21h2 < 10.0.22000.3260

microsoft/windows_11_22h2 < 10.0.22621.4317

microsoft/windows_11_23h2 < 10.0.22631.4317

microsoft/windows_11_24h2 < 10.0.26100.2033 (2 CPE variants)

microsoft/windows_server_2012

... and 5 more

Published Oct 08, 2024

Tracked Since Feb 18, 2026