A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.

Windows Defender Credential Guard Security Feature Bypass Vulnerability

Windows Defender Credential Guard Elevation of Privilege Vulnerability

Windows Defender Credential Guard Security Feature Bypass Vulnerability

Windows Kernel Information Disclosure Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

Windows Defender Credential Guard Information Disclosure Vulnerability

Windows Partition Management Driver Elevation of Privilege Vulnerability

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability

Windows Win32k Elevation of Privilege Vulnerability

Active Directory Domain Services Elevation of Privilege Vulnerability

Windows Fax Service Elevation of Privilege Vulnerability

Windows Partition Management Driver Elevation of Privilege Vulnerability

Windows WebBrowser Control Remote Code Execution Vulnerability

Windows Bluetooth Service Remote Code Execution Vulnerability

Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

Windows Kerberos Elevation of Privilege Vulnerability