CVE-2024-29061
📋 TL;DR
CVE-2024-29061 is a Secure Boot security feature bypass vulnerability that allows attackers to bypass Secure Boot protections on affected systems. This affects Windows systems with Secure Boot enabled, potentially allowing unauthorized code execution during the boot process.
💻 Affected Systems
- Windows 10
- Windows 11
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
📦 What is this software?
Windows 10 1507 by Microsoft
Windows 10 1507 by Microsoft
Windows 10 1607 by Microsoft
Windows 10 1607 by Microsoft
Windows 10 1809 by Microsoft
Windows 10 21h2 by Microsoft
Windows 10 22h2 by Microsoft
Windows 11 21h2 by Microsoft
Windows 11 22h2 by Microsoft
Windows 11 23h2 by Microsoft
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via bootkit installation, allowing persistent malware that survives OS reinstallation and disk formatting.
Likely Case
Bypass of Secure Boot protections enabling installation of boot-level malware or rootkits that evade standard security controls.
If Mitigated
Limited impact if Secure Boot is disabled or if additional boot integrity protections are in place.
🎯 Exploit Status
Exploitation requires physical access or administrative privileges to modify boot configuration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: April 2024 security updates - KB5036893 for Windows 11, KB5036892 for Windows 10, etc.
Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29061
Restart Required: Yes
Instructions:
1. Apply April 2024 Windows security updates via Windows Update. 2. For enterprise: Deploy through WSUS or Microsoft Endpoint Configuration Manager. 3. Verify Secure Boot remains enabled post-update.
🔧 Temporary Workarounds
Disable Secure Boot
allTemporarily disable Secure Boot in UEFI firmware settings to prevent exploitation
Enable BitLocker with TPM
windowsEnable BitLocker with TPM protection to add additional boot integrity verification
🧯 If You Can't Patch
- Restrict physical access to vulnerable systems
- Implement strict administrative access controls and monitor for unauthorized boot configuration changes
🔍 How to Verify
Check if Vulnerable:
Check if Secure Boot is enabled in UEFI firmware settings and verify Windows version is before April 2024 updatesCheck Version:
wmic os get caption,version,buildnumberVerify Fix Applied:
Verify Windows Update history shows April 2024 security updates installed and Secure Boot status shows as 'Enabled' in msinfo32📡 Detection & Monitoring
Log Indicators:
- Unexpected Secure Boot configuration changes in System logs
- Boot configuration modifications in UEFI logs
Network Indicators:
- Unusual network traffic patterns during boot process
SIEM Query:
EventID=12 OR EventID=13 | where Source='Microsoft-Windows-Kernel-Boot' | where Message contains 'Secure Boot'