all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ADV230002 Microsoft Guidance for Addressing Security Feature Bypass in Trend Micro EFI Modules

Add to bookmarks
July 11, 2023, 7 a.m. |

MSRC Security Update Guide msrc.microsoft.com

Trend Micro has released [CVE-2023-28005](https://success.trendmicro.com/dcx/s/solution/000292473?language=en_US) to address a secure boot bypass. Subsequently Microsoft has released the July Windows security updates to block the vulnerable UEFI modules by using the DBX (UEFI Secure Boot Forbidden Signature Database) disallow list.

To exploit this vulnerability, an attacker would need to have administrative privileges or physical access on a system where Secure Boot is configured to trust the Microsoft Unified Extensible Firmware Interface (UEFI) Certificate Authority (CA).

CVEs released for this issue: CVE-2023-28005.

## …

access actions administrative privileges adv authority boot certificate certificate authority customers cve cves exploit firmware information install interface issue latest microsoft physical privileges secure boot security security updates system trust uefi updates vulnerability windows windows security

Visit resource

More from msrc.microsoft.com / MSRC Security Update Guide

Chromium: CVE-2024-4060 Use after free in Dawn 6 days, 1 hour ago | msrc.microsoft.com
cve
Chromium: CVE-2024-4059 Out of bounds read in V8 API 6 days, 1 hour ago | msrc.microsoft.com
cve
Chromium: CVE-2024-4058 Type Confusion in ANGLE 6 days, 1 hour ago | msrc.microsoft.com
cve
CVE-2024-29991 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability 1 week, 6 days ago | msrc.microsoft.com
bypass bypass vulnerability chromium cve +9
Chromium: CVE-2024-3847 Insufficient policy enforcement in WebUI 2 weeks ago | msrc.microsoft.com
cve
Chromium: CVE-2024-3846 Inappropriate implementation in Prompts 2 weeks ago | msrc.microsoft.com
cve
Chromium: CVE-2024-3845 Inappropriate implementation in Network 2 weeks ago | msrc.microsoft.com
cve
Chromium: CVE-2024-3844 Inappropriate implementation in Extensions 2 weeks ago | msrc.microsoft.com
cve
Chromium: CVE-2024-3843 Insufficient data validation in Downloads 2 weeks ago | msrc.microsoft.com
cve

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

DevSecOps Engineer

@ LinQuest | Beavercreek, Ohio, United States
View on infosec-jobs.com

Senior Developer, Vulnerability Collections (Contractor)

@ SecurityScorecard | Remote (Turkey or Latin America)
View on infosec-jobs.com

Cyber Security Intern 03416 NWSOL

@ North Wind Group | RICHLAND, WA
View on infosec-jobs.com

Senior Cybersecurity Process Engineer

@ Peraton | Fort Meade, MD, United States
View on infosec-jobs.com

Sr. Manager, Cybersecurity and Info Security

@ AESC | Smyrna, TN 37167, Smyrna, TN, US | Santa Clara, CA 95054, Santa Clara, CA, US | Florence, SC 29501, Florence, SC, US | Bowling Green, KY 42101, Bowling Green, KY, US
View on infosec-jobs.com
View more jobs