CVE-2024-37975
📋 TL;DR
This vulnerability allows attackers to bypass Secure Boot protections on affected systems, potentially enabling them to load and execute unauthorized code during the boot process. It affects systems with specific Secure Boot configurations, primarily impacting Windows devices and potentially other platforms using similar Secure Boot implementations.
💻 Affected Systems
- Windows Secure Boot
- UEFI firmware implementations
📦 What is this software?
Windows 10 1507 by Microsoft
Windows 10 1607 by Microsoft
Windows 10 1809 by Microsoft
Windows 10 21h2 by Microsoft
Windows 10 22h2 by Microsoft
Windows 11 21h2 by Microsoft
Windows 11 22h2 by Microsoft
Windows 11 23h2 by Microsoft
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with persistent malware that survives reboots and reinstallation, enabling data theft, ransomware deployment, or system destruction.
Likely Case
Attackers bypass Secure Boot to install bootkits or rootkits that evade detection, maintain persistence, and potentially disable security controls.
If Mitigated
Attackers can bypass Secure Boot but still face other security layers like antivirus, endpoint detection, and network segmentation limiting damage.
🎯 Exploit Status
Exploitation requires administrative privileges or physical access; detailed technical information not publicly available
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Microsoft Security Update Guide for specific KB numbers
Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37975
Restart Required: Yes
Instructions:
1. Apply latest Windows security updates from Microsoft Update. 2. Ensure UEFI/BIOS firmware is updated to latest version from device manufacturer. 3. Restart system to complete installation.
🔧 Temporary Workarounds
Enable Secure Boot with trusted certificates only
allConfigure Secure Boot to only allow certificates from trusted sources and remove unnecessary certificates
Implement Device Guard/Credential Guard
windowsUse Windows security features to add additional layers of protection against boot-level attacks
🧯 If You Can't Patch
- Restrict physical access to systems and implement strict administrative privilege controls
- Implement network segmentation to limit lateral movement from compromised systems
🔍 How to Verify
Check if Vulnerable:
Check system for applied security updates matching Microsoft advisory KB numbers; verify Secure Boot is enabled in UEFI settingsCheck Version:
wmic qfe list brief /format:table (Windows) or systeminfo | findstr /B /C:"KB" (Windows)Verify Fix Applied:
Confirm latest Windows updates are installed and Secure Boot is properly configured; check that unauthorized bootloaders cannot be loaded📡 Detection & Monitoring
Log Indicators:
- UEFI/Secure Boot policy changes in system logs
- Unauthorized bootloader loading events
- Unexpected system restarts or boot failures
Network Indicators:
- Unusual outbound connections from systems shortly after boot
- Traffic patterns suggesting command and control communication
SIEM Query:
EventID=12 OR EventID=13 (System events) with keywords "Secure Boot", "UEFI", "bootloader" combined with suspicious process creation events