I wanted to throw this out there to the forum to see if anyone is experiencing the same vulnerability that we are getting flagged for. We did apply the August updates, but it looks like they updated the detection to add "Policy Configuration Check: Verify if the opt-in policy configuration as mentioned in CVE-2024-21302 is applied." It is a low, but we are trying to remediate some past-due vulnerabilities. I was just curious if anyone is having the same issue, and hopefully I put this in the correct topic group. Thanks in advance.
Found this in the BF Forum from a previous post: "Content Release: Patches for Windows - August 2024 Security Updates - Release Announcements / Patch (Release Announcements) - BigFix Forum". It doesn't look like there was a reply to it.
Below is the question:
Are there any plans to include the mitigation for (CVE-2024-21302) Windows Secure Kernel Mode Elevation of Privilege Vulnerability?
CVE-2024-21302
$PolicyBinary = $env:windir+"\System32\SecureBootUpdates\SkuSiPolicy.p7b"   # policy file to deploy
$MountPoint = 'C:\EFIMount'   # temporary mount point for the EFI system partition
$EFIDestinationFolder = "$MountPoint\EFI\Microsoft\Boot"
$EFIPartition = (Get-Partition | Where-Object IsSystem).AccessPaths[0]   # volume path of the EFI system partition
if (-Not (Test-Path $MountPoint)) { New-Item -Path $MountPoint -Type Directory -Force }
mountvol $MountPoint $EFIPartition
if (-Not (Test-Path $EFIDestinationFolder)) { New-Item -Path $EFIDestinationFolder -Type Directory -Force }
Copy-Item -Path $PolicyBinary -Destination $EFIDestinationFolder -Force   # copy the policy into the boot folder
mountvol $MountPoint /D   # unmount the EFI system partition
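
One way to confirm on an endpoint that the copy step above took effect, as an added example that is not part of the original post: it mounts the EFI system partition and compares the deployed SkuSiPolicy.p7b against the copy under SecureBootUpdates. The function name Test-SkuSiPolicyDeployed and the mount point C:\EFIVerify are hypothetical, and the check only verifies the file copy, not what any scanner's detection logic evaluates.

```powershell
# Added example; run from an elevated PowerShell session.
# Test-SkuSiPolicyDeployed and C:\EFIVerify are hypothetical names.
function Test-SkuSiPolicyDeployed {
    param(
        [string]$MountPoint = 'C:\EFIVerify'
    )
    $source   = Join-Path $env:windir 'System32\SecureBootUpdates\SkuSiPolicy.p7b'
    $deployed = Join-Path $MountPoint 'EFI\Microsoft\Boot\SkuSiPolicy.p7b'
    $result = [pscustomobject]@{
        SourcePresent   = Test-Path -LiteralPath $source
        DeployedPresent = $false
        HashesMatch     = $false
    }
    # Without the source file there is nothing to compare against.
    if (-not $result.SourcePresent) { return $result }

    # Same partition lookup as the script in the post.
    $efiPartition = (Get-Partition | Where-Object IsSystem).AccessPaths[0]
    $createdMountPoint = -not (Test-Path -LiteralPath $MountPoint)
    if ($createdMountPoint) {
        New-Item -Path $MountPoint -ItemType Directory -Force | Out-Null
    }
    mountvol $MountPoint $efiPartition | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "mountvol failed with exit code $LASTEXITCODE" }
    try {
        $result.DeployedPresent = Test-Path -LiteralPath $deployed
        if ($result.DeployedPresent) {
            # An older or partial copy on the EFI partition shows up as a hash mismatch.
            $a = (Get-FileHash -LiteralPath $source -Algorithm SHA256).Hash
            $b = (Get-FileHash -LiteralPath $deployed -Algorithm SHA256).Hash
            $result.HashesMatch = ($a -eq $b)
        }
    }
    finally {
        # Always unmount, even if the hash comparison throws.
        mountvol $MountPoint /D | Out-Null
        if ($createdMountPoint) { Remove-Item -LiteralPath $MountPoint -Force }
    }
    return $result
}

Test-SkuSiPolicyDeployed
```

A result with DeployedPresent and HashesMatch both True means the policy file on the EFI partition is identical to the one shipped under SecureBootUpdates.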