CVE-2024-37977: 
vulnerability analysis and mitigation

A Secure Boot Security Feature Bypass Vulnerability identified as CVE-2024-37977 affects multiple versions of Microsoft Windows systems. The vulnerability was discovered and reported to Microsoft, with the initial CVE record being created on June 10, 2024 (CVE MITRE).

The vulnerability has been assigned a CVSS v3.1 base score of 8.0 HIGH with the vector string CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Microsoft has classified this as a heap-based buffer overflow vulnerability (CWE-122) (NVD).

The vulnerability affects multiple versions of Windows systems including Windows 11 (versions 21H2, 22H2, 23H2) and Windows Server 2022 (including 23H2). If exploited, this security feature bypass vulnerability could potentially compromise the secure boot mechanism of affected systems (NVD).

Microsoft has released security updates to address this vulnerability. The affected systems should be updated to the following versions: Windows 11 21H2 to version 10.0.22000.3079, Windows 11 22H2 to version 10.0.22621.3880, Windows 11 23H2 to version 10.0.22631.3880, Windows Server 2022 to version 10.0.20348.2582, and Windows Server 2022 23H2 to version 10.0.25398.1009 (NVD).