Skip to main content

CVE-2024-26175: CWE-125: Out-of-bounds Read in Microsoft Windows 10 Version 1809

High
VulnerabilityCVE-2024-26175cvecve-2024-26175cwe-125
Published: Tue Apr 09 2024 (04/09/2024, 17:00:42 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Windows 10 Version 1809

Description

Secure Boot Security Feature Bypass Vulnerability

AI-Powered Analysis

AILast updated: 06/26/2025, 06:44:55 UTC

Technical Analysis

CVE-2024-26175 is a high-severity vulnerability classified as an out-of-bounds read (CWE-125) affecting Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The vulnerability specifically targets the Secure Boot security feature, which is designed to ensure that only trusted software is loaded during the system startup process. An out-of-bounds read occurs when a program reads data outside the bounds of allocated memory, potentially leading to information disclosure or memory corruption. In this case, the vulnerability allows an attacker with limited privileges (local access with low complexity) to bypass Secure Boot protections by exploiting this memory handling flaw. The CVSS 3.1 base score of 7.8 indicates a high impact on confidentiality, integrity, and availability, with the attack vector being local (AV:L), requiring low attack complexity (AC:L), and low privileges (PR:L), but no user interaction (UI:N). The scope remains unchanged (S:U), meaning the vulnerability affects the same security scope. The exploitability is rated as functional (E:U), and remediation level is official (RL:O) with confirmed report confidence (RC:C). Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk due to its impact on Secure Boot, a critical security mechanism that prevents unauthorized code execution during system startup. This flaw could allow an attacker to execute malicious code early in the boot process, potentially leading to persistent compromise, bypass of security controls, and unauthorized access to sensitive system components.

Potential Impact

For European organizations, the impact of CVE-2024-26175 is substantial, particularly for those relying on Windows 10 Version 1809 in legacy or specialized environments. Secure Boot is a foundational security feature that protects against rootkits and bootkits, which are among the most severe threats due to their persistence and difficulty to detect. Exploitation could lead to unauthorized code execution at boot time, compromising system integrity and potentially allowing attackers to maintain long-term access or disrupt critical services. This is especially concerning for sectors with high security requirements such as finance, healthcare, government, and critical infrastructure operators. The confidentiality of sensitive data could be compromised, and the integrity of systems could be undermined, leading to operational disruptions. Given that the attack requires local access but no user interaction, insider threats or attackers who gain physical or remote local access could leverage this vulnerability. The lack of known exploits in the wild currently reduces immediate risk but does not diminish the potential severity if weaponized. Organizations running unsupported or unpatched Windows 10 1809 systems are particularly vulnerable, and the persistence of this OS version in industrial control systems or legacy enterprise environments increases the risk profile.

Mitigation Recommendations

1. Immediate upgrade or patching: Although no official patch links are provided in the data, organizations should monitor Microsoft’s security advisories closely and apply any released patches promptly. 2. Upgrade to a supported Windows version: Windows 10 Version 1809 is an older release; migrating to a supported and updated Windows version with enhanced security features will mitigate this vulnerability and others. 3. Restrict local access: Limit local user privileges and physical access to systems running Windows 10 1809 to reduce the risk of exploitation. Implement strict access controls and monitoring for any local login attempts. 4. Enhance endpoint protection: Deploy advanced endpoint detection and response (EDR) solutions capable of detecting anomalous behavior during system boot or attempts to manipulate Secure Boot components. 5. Secure Boot configuration review: Verify Secure Boot settings in UEFI firmware to ensure they are correctly configured and have not been tampered with. 6. Network segmentation: Isolate legacy systems running vulnerable OS versions from critical network segments to contain potential compromises. 7. Incident response readiness: Prepare for potential exploitation by establishing monitoring for unusual boot-time activities and ensuring backup and recovery procedures are robust and tested. 8. User awareness and training: Educate IT staff about the risks of legacy OS use and the importance of applying security updates and restricting local access.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
microsoft
Date Reserved
2024-02-14T22:23:54.098Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d9836c4522896dcbeaf78

Added to database: 5/21/2025, 9:09:10 AM

Last enriched: 6/26/2025, 6:44:55 AM

Last updated: 8/1/2025, 1:13:00 AM

Views: 11

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats