=====================================================================
                            CERT-Renater

                 Information Note No. 2016/VULN287
_____________________________________________________________________

DATE                 : 10/08/2016

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Windows versions 8.1, Server 2012, RT 8.1, 10
                       running Secure Boot.

=====================================================================
KB3179577
https://technet.microsoft.com/en-us/library/security/MS16-100
_____________________________________________________________________

Microsoft Security Bulletin MS16-100: Important

Security Update for Secure Boot (3179577)


Executive Summary

This security update resolves a vulnerability in Microsoft Windows.
The vulnerability could allow security feature bypass if an attacker
installs an affected boot manager and bypasses Windows security
features.

This security update is rated Important for all supported editions of
Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT
8.1, and Windows 10.


Affected Software

  Windows 8.1
  Windows Server 2012
  Windows Server 2012 R2
  Windows RT 8.1 [1]
  Windows 10 [2]
  Windows Server 2012 (Server Core installation)
  Windows Server 2012 R2 (Server Core installation)

[1] This update is only available via Windows Update.

[2] Windows 10 updates are cumulative. The monthly security release
    includes all security fixes for vulnerabilities that affect
    Windows 10, in addition to non-security updates. The updates are
    available via the Microsoft Update Catalog.


Vulnerability Information

Secure Boot Security Feature Bypass Vulnerability - CVE-2016-3320

A security feature bypass vulnerability exists when Windows Secure
Boot improperly loads a boot manager that is affected by the
vulnerability. An attacker who successfully exploited this
vulnerability could disable code integrity checks, allowing
test-signed executables and drivers to be loaded onto a target device.
Furthermore, the attacker could bypass Secure Boot Integrity
Validation for BitLocker and Device Encryption security features.

To exploit the vulnerability, an attacker who has gained
administrative privileges or who has physical access to a target
device could install an affected boot manager.

The security update addresses the vulnerability by blacklisting
affected boot managers.

The following table contains links to the standard entry for each
vulnerability in the Common Vulnerabilities and Exposures list:

  Vulnerability title           CVE number     Publicly   Exploited
                                               disclosed
  ----------------------------  -------------  ---------  ---------
  Secure Boot Security Feature  CVE-2016-3320  No         No
  Bypass Vulnerability

==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER        | tel  : 01-53-94-20-44            +
+ 23 - 25 Rue Daviel  | fax  : 01-53-94-20-41            +
+ 75013 Paris         | email: cert@support.renater.fr   +
==========================================================