CVE-2024-37973: 
vulnerability analysis and mitigation

A Secure Boot Security Feature Bypass Vulnerability, identified as CVE-2024-37973, was discovered and reported to Microsoft. The vulnerability was initially disclosed on July 9, 2024, affecting various versions of Microsoft Windows operating systems including Windows 10, Windows 11, and Windows Server editions (NVD).

The vulnerability has received a CVSS v3.1 base score of 7.8 (High) from NIST with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with low attack complexity. Microsoft's assessment differs slightly, assigning a CVSS score of 8.8 (High) with a vector string of CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability is associated with CWE-674 (Uncontrolled Recursion) according to Microsoft's classification (NVD).

The vulnerability affects the Secure Boot security feature, potentially allowing attackers to bypass security controls. If successfully exploited, it could lead to high impacts on confidentiality, integrity, and availability of the affected systems (NVD).

Microsoft has released security updates to address this vulnerability across multiple affected Windows versions, including Windows 10 (various versions), Windows 11, and Windows Server editions. These updates are available through the standard Windows Update mechanism (Microsoft Security).