CVE-2015-2552
First published: Wed Oct 14 2015(Updated: )
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows physically proximate attackers to bypass the Trusted Boot protection mechanism, and consequently interfere with the integrity of code, BitLocker, Device Encryption, and Device Health Attestation, via a crafted Boot Configuration Data (BCD) setting, aka "Trusted Boot Security Feature Bypass Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Windows 10 | ||
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 8.0 | ||
| Microsoft Windows | ||
| Microsoft Windows RT | ||
| Microsoft Windows RT | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =r2-sp1 | |
| Microsoft Windows Server | =r2-sp1 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Vista | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-2552?
CVE-2015-2552 has a high severity rating due to its potential to bypass the Trusted Boot mechanism.
How do I fix CVE-2015-2552?
To mitigate CVE-2015-2552, ensure that your Windows systems are fully updated with the latest security patches from Microsoft.
Which software versions are affected by CVE-2015-2552?
CVE-2015-2552 affects multiple Microsoft Windows versions including Windows 7, 8, 8.1, 10, and several versions of Windows Server.
What does CVE-2015-2552 exploit?
CVE-2015-2552 exploits a vulnerability that allows attackers to bypass Trusted Boot protections, potentially compromising system integrity.
Who is at risk from CVE-2015-2552?
Physically proximate attackers are at risk of exploiting CVE-2015-2552 to interfere with critical security features like BitLocker and Device Encryption.
- agent/references
- agent/type
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/windows 10
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- canonical/microsoft windows 8.0
- canonical/microsoft windows
- canonical/microsoft windows rt
- canonical/microsoft windows server
- version/microsoft windows server/sp2
- version/microsoft windows server/r2-sp1
- version/microsoft windows server/r2
- canonical/microsoft windows vista
- version/microsoft windows vista/sp2