Microsoft: Trusted Boot Security Feature Bypass Vulnerability
CVE-2015-2552
Product: Windows NT series 8.0+
Affected versions: See “systems affected”.
Reported by: “Myria”
An attacker with administrative access to a Windows machine with UEFI Secure Boot enabled may bypass code signing policy checks by putting intentionally-malformed configuration options in the boot configuration database (BCD).
https://technet.microsoft.com/en-us/library/security/ms15-111.aspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2552
http://seclists.org/bugtraq/2015/Oct/70
https://support.microsoft.com/en-us/kb/3096447
Firmware Security 