CVE-2015-2552

The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows physically proximate attackers to bypass the Trusted Boot protection mechanism, and consequently interfere with the integrity of code, BitLocker, Device Encryption, and Device Health Attestation, via a crafted Boot Configuration Data (BCD) setting, aka "Trusted Boot Security Feature Bypass Vulnerability."

Published: Oct 14, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-2552
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-254

Affected Software
References

Software	From	Fixed in
microsoft / windows_server_2008	r2-sp1	r2-sp1.x
microsoft / windows_server_2012	r2	r2.x
microsoft / windows_server_2008	--sp2	--sp2.x
microsoft / windows_7	--sp1	--sp1.x
microsoft / windows_vista	--sp2	--sp2.x

http://packetstormsecurity.com/files/133962/Microsoft-Trusted-Boot-Security-Feature-Bypass.html
http://www.securityfocus.com/archive/1/536678/100/0/threaded
http://www.securitytracker.com/id/1033805
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-111

Vulnerability Database

289,598

CVE-2015-2552