What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. Why are there different security update packages for this CVE? These are standalone security updates. These packages must be installed in addition to the normal security updates to be protected from this vulnerability. Are there any prerequisites to these security updates? These security updates have a Servicing Stack Update prerequisite for specific KB numbers. The packages have a built in pre-requisite logic to ensure the ordering. Customer should ensure that they have the latest Servicing Stack Update installed before installing these standalone security updates. See ADV990001 | Latest Servicing Stack Updates for more information. If I need to manually install these standalone updates, a Servicing Stack Update, and an August 2022 Security Update, in what order should they be installed? Customers who need to manually install these three updates should install them in the following order: Servicing Stack Update Standalone Secure Boot Update listed in this CVE August 2022 Security Update Customers whose systems are configured to receive automatic updates will automatically receive these updates in the correct order. Is there anything else that I should know about these updates? If Windows Defender Credential Guard (Virtual Secure Mode) is enabled, two additional reboots will be required. Why is the CERT/CC the assigning CNA (CVE Numbering Authority)? This CVE is regarding a vulnerability in a third party driver. CERT/CC created this CVE on behalf of the researcher who discovered the vulnerability.