What is the severity of CVE-2024-37989?

CVE-2024-37989 is classified as a security feature bypass vulnerability which can potentially allow unauthorized modifications.

How do I fix CVE-2024-37989?

To fix CVE-2024-37989, apply the latest security patches from Microsoft that address this vulnerability.

Which products are affected by CVE-2024-37989?

CVE-2024-37989 affects multiple Microsoft products including Windows Server 2022, Windows 10 versions 1809, 21H2, 22H2, and Windows 11 versions 21H2, 22H2, and 23H2.

Can CVE-2024-37989 be exploited remotely?

The details about exploitation methods for CVE-2024-37989 indicate that it may require local access to the system.

What are the recommended actions following CVE-2024-37989 disclosure?

It is recommended to immediately update affected systems with the security patches provided by Microsoft and monitor for any unusual activities.

Vulnerability/
CVE-2024-37989

high

CWE

130

9/7/2024

31/12/2024

CVE-2024-37989: Secure Boot Security Feature Bypass Vulnerability

First published: Tue Jul 09 2024(Updated: )

Secure Boot Security Feature Bypass Vulnerability

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Windows Server 2022		fix available externally
Microsoft Windows 10	=1809	fix available externally
Microsoft Windows Server 2022		fix available externally
Microsoft Windows 11	=23H2	fix available externally
Microsoft Windows 11	=23H2	fix available externally
Microsoft Windows 10	=22H2	fix available externally
Microsoft Windows 10	=1809	fix available externally
Microsoft Windows 11	=21H2	fix available externally
Microsoft Windows 10	=1809	fix available externally
Microsoft Windows 10	=1607	fix available externally
Microsoft Windows Server 2016		fix available externally
Microsoft Windows 10	=1607	fix available externally
Microsoft Windows 10		fix available externally
Microsoft Windows 10		fix available externally
Microsoft Windows 11	=21H2	fix available externally
Microsoft Windows Server 2019		fix available externally
Microsoft Windows Server 2019		fix available externally
Microsoft Windows Server 2012 R2		fix available externally
Microsoft Windows 10	=22H2	fix available externally
Microsoft Windows 10	=22H2	fix available externally
Microsoft Windows 10	=21H2	fix available externally
Microsoft Windows Server 2016		fix available externally
Microsoft Windows 10	=21H2	fix available externally
Microsoft Windows 11	=22H2	fix available externally
Microsoft Windows Server 2012 R2		fix available externally
Microsoft Windows 10	=21H2	fix available externally
Microsoft Windows 11	=22H2	fix available externally
Microsoft Windows Server 2012 x64		fix available externally
Microsoft Windows Server 2012 x64		fix available externally
Microsoft Windows 10 1507	<10.0.10240.20710
Microsoft Windows 10 Version 1607 x86	<10.0.14393.7159
Microsoft Windows 10 1809	<10.0.17763.6054
Microsoft Windows 10 21h2	<10.0.19044.4651
Microsoft Windows 10 22h2	<10.0.19045.4651
Microsoft Windows 11 21h2	<10.0.22000.3079
Microsoft Windows 11 22h2	<10.0.22621.3880
Microsoft Windows 11 23h2	<10.0.22631.3880
Microsoft Windows Server 2012 x64
Microsoft Windows Server 2012 x64	=r2
Microsoft Windows Server 2016	<10.0.14393.7159
Microsoft Windows Server 2019	<10.0.17763.6054
Microsoft Windows Server 2022	<10.0.20348.2582
Microsoft Windows Server 2022 23H2	<=10.0.25398.1009
Microsoft Windows Server 2022 23H2		fix available externally

Remedy

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37989

Never miss a vulnerability like this again

Reference Links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37989 (Advisory)

Frequently Asked Questions

What is the severity of CVE-2024-37989?
CVE-2024-37989 is classified as a security feature bypass vulnerability which can potentially allow unauthorized modifications.
How do I fix CVE-2024-37989?
To fix CVE-2024-37989, apply the latest security patches from Microsoft that address this vulnerability.
Which products are affected by CVE-2024-37989?
CVE-2024-37989 affects multiple Microsoft products including Windows Server 2022, Windows 10 versions 1809, 21H2, 22H2, and Windows 11 versions 21H2, 22H2, and 23H2.
Can CVE-2024-37989 be exploited remotely?
The details about exploitation methods for CVE-2024-37989 indicate that it may require local access to the system.
What are the recommended actions following CVE-2024-37989 disclosure?
It is recommended to immediately update affected systems with the security patches provided by Microsoft and monitor for any unusual activities.

collector/msrc
source/Microsoft
agent/software-canonical-lookup
agent/references
agent/description
agent/type
agent/first-publish-date
collector/msrc-cve
agent/title
agent/severity
agent/weakness
agent/author
agent/event
agent/remedy
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
vendor/microsoft
canonical/microsoft windows server 2022
canonical/microsoft windows 10
version/microsoft windows 10/1809
canonical/microsoft windows 11
version/microsoft windows 11/23h2
version/microsoft windows 10/22h2
version/microsoft windows 11/21h2
version/microsoft windows 10/1607
canonical/microsoft windows server 2016
canonical/microsoft windows server 2019
canonical/microsoft windows server 2012 r2
version/microsoft windows 10/21h2
version/microsoft windows 11/22h2
canonical/microsoft windows server 2012 x64
canonical/microsoft windows 10 1507
canonical/microsoft windows 10 version 1607 x86
canonical/microsoft windows 10 1809
canonical/microsoft windows 10 21h2
canonical/microsoft windows 10 22h2
canonical/microsoft windows 11 21h2
canonical/microsoft windows 11 22h2
canonical/microsoft windows 11 23h2
version/microsoft windows server 2012 x64/r2
canonical/microsoft windows server 2022 23h2
version/microsoft windows server 2022 23h2/10.0.25398.1009

Frequently Asked Questions

What is the severity of CVE-2024-37989?
CVE-2024-37989 is classified as a security feature bypass vulnerability which can potentially allow unauthorized modifications.
How do I fix CVE-2024-37989?
To fix CVE-2024-37989, apply the latest security patches from Microsoft that address this vulnerability.
Which products are affected by CVE-2024-37989?
CVE-2024-37989 affects multiple Microsoft products including Windows Server 2022, Windows 10 versions 1809, 21H2, 22H2, and Windows 11 versions 21H2, 22H2, and 23H2.
Can CVE-2024-37989 be exploited remotely?
The details about exploitation methods for CVE-2024-37989 indicate that it may require local access to the system.
What are the recommended actions following CVE-2024-37989 disclosure?
It is recommended to immediately update affected systems with the security patches provided by Microsoft and monitor for any unusual activities.

CVE-2024-37989: Secure Boot Security Feature Bypass Vulnerability

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-37989?

How do I fix CVE-2024-37989?

Which products are affected by CVE-2024-37989?

Can CVE-2024-37989 be exploited remotely?

What are the recommended actions following CVE-2024-37989 disclosure?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2024-37989?

How do I fix CVE-2024-37989?

Which products are affected by CVE-2024-37989?

Can CVE-2024-37989 be exploited remotely?

What are the recommended actions following CVE-2024-37989 disclosure?