Microsoft Guidance for Addressing Security Feature Bypass in Trend Micro EFI Modules - CVE-2023-28005ID: oval:org.secpod.oval:def:90912 | Date: (C)2023-07-12 (M)2024-03-06 |
Class: VULNERABILITY | Family: windows |
Microsoft Guidance for Addressing Security Feature Bypass in Trend Micro EFI Modules. Trend Micro has released this CVE to address a secure boot bypass. Subsequently Microsoft has released the July Windows security updates to block the vulnerable UEFI modules by using the DBX (UEFI Secure Boot Forbidden Signature Database) disallow list. To exploit this vulnerability, an attacker would need to have administrative privileges or physical access on a system where Secure Boot is configured to trust the Microsoft Unified Extensible Firmware Interface (UEFI) Certificate Authority (CA).
Platform: |
Microsoft Windows 10 |
Microsoft Windows 11 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2022 |