CVE-2024-37987
📋 TL;DR
This Secure Boot vulnerability allows attackers to bypass security features and execute unauthorized code during the boot process. It affects systems with Secure Boot enabled, primarily impacting Windows devices and potentially other platforms using affected firmware.
💻 Affected Systems
- Windows 10
- Windows 11
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
📦 What is this software?
- Windows 10 1507 by Microsoft
- Windows 10 1607 by Microsoft
- Windows 10 1809 by Microsoft
- Windows 10 21H2 by Microsoft
- Windows 10 22H2 by Microsoft
- Windows 11 21H2 by Microsoft
- Windows 11 22H2 by Microsoft
- Windows 11 23H2 by Microsoft
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with persistent malware that survives OS reinstallation, enabling data theft, ransomware deployment, or system destruction.
Likely Case
Malicious code execution with elevated privileges, allowing attackers to disable security controls, install backdoors, or deploy additional payloads.
If Mitigated
Limited impact if Secure Boot is disabled or if attackers lack physical/administrative access to modify boot configuration.
🎯 Exploit Status
Exploitation requires administrative privileges or physical access to the system. No public exploit code is currently available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: July 2024 security updates (KB5040442 for Windows 11, KB5040434 for Windows 10, etc.)
Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37987
Restart Required: Yes
Instructions:
1. Apply the July 2024 Windows security updates via Windows Update.
2. For enterprise environments, deploy the updates through WSUS or Microsoft Endpoint Configuration Manager.
3. Restart systems after update installation.
🔧 Temporary Workarounds
Disable Secure Boot
Temporarily disables the Secure Boot feature to prevent exploitation, but reduces system security against other boot-level attacks.
Access UEFI/BIOS settings during boot and disable Secure Boot option
🧯 If You Can't Patch
- Restrict physical access to systems and implement strict administrative privilege controls.
- Monitor for unauthorized boot configuration changes and implement device control policies.
🔍 How to Verify
Check if Vulnerable:
Check whether the July 2024 security updates are installed via Settings > Windows Update > Update history, or run the 'systeminfo' command and review the installed hotfixes.
Check Version:
wmic qfe list | findstr KB5040442
wmic qfe list | findstr KB5040434
Verify Fix Applied:
Verify KB5040442 (Windows 11) or KB5040434 (Windows 10) is installed and Secure Boot is enabled in UEFI settings.
📡 Detection & Monitoring
Log Indicators:
- Unexpected Secure Boot policy changes in System logs
- Boot configuration modifications in Event Viewer
Network Indicators:
- Unusual outbound connections during boot process
SIEM Query:
(EventID=12 OR EventID=13) AND Source='Microsoft-Windows-Kernel-Boot' AND Description contains 'Secure Boot'
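The verification steps under "How to Verify" and the log indicators above, combined into one added PowerShell check (example code, not from the advisory or from Microsoft). It assumes an elevated session on Windows 10/11, uses the KB numbers the advisory lists, and relies only on built-in cmdlets (Get-HotFix, Confirm-SecureBootUEFI, Get-WinEvent); the 7-day lookback window is an arbitrary choice.

```powershell
# Added example for CVE-2024-37987: patch state, Secure Boot state, and recent
# Secure Boot related boot events. Assumes an Administrator PowerShell session.

# July 2024 updates named in the advisory (Windows 11 / Windows 10).
$Kbs = @('KB5040442', 'KB5040434')

# 1. Is one of the July 2024 cumulative updates installed?
#    Get-HotFix reads the same Win32_QuickFixEngineering data as 'wmic qfe list'.
#    Caveat: a later cumulative update supersedes these KBs, so an up-to-date
#    machine may legitimately show neither; check the current CU in that case.
$installed = Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $Kbs -contains $_.HotFixID }
if ($installed) {
    Write-Output "Patched: $($installed.HotFixID -join ', ') installed"
} else {
    Write-Output "Not found: $($Kbs -join ', ') (unpatched, or superseded by a newer CU)"
}

# 2. Is Secure Boot actually enabled? Confirm-SecureBootUEFI throws on
#    legacy BIOS systems or when not run elevated, so handle that case.
try {
    $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop
    Write-Output "Secure Boot enabled: $secureBoot"
} catch {
    Write-Output "Secure Boot state unavailable: $($_.Exception.Message)"
}

# 3. Detection: boot-provider events in the System log over the last 7 days
#    whose message mentions Secure Boot (mirrors the SIEM query above).
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Kernel-Boot'
    StartTime    = (Get-Date).AddDays(-7)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Secure Boot' } |
    Select-Object TimeCreated, Id, Message |
    Format-Table -AutoSize -Wrap
```

On a host where the boot provider has emitted no matching events in the window, step 3 prints nothing, which is expected rather than an error.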