Microsoft Windows Biometric Service Race Condition Vulnerability Allowing Security Feature Bypass
Vulnerability
A race condition vulnerability has been identified in the Windows Biometric Service, allowing an unauthorized attacker to bypass security features related to biometric authentication. This vulnerability is present in several versions of Windows 10, Windows 11, and Windows Server. The issue arises from improper synchronization in concurrent execution, which could enable a physical attack to exploit the vulnerability. By successfully exploiting this race condition, an attacker could manipulate biometric data, such as fingerprints or facial recognition, to gain unauthorized access to a device.
Impact
Exploitation of this vulnerability could lead to unauthorized access by bypassing Windows biometric authentication, allowing an attacker to falsely present biometric data and gain access without the legitimate user's credentials.
Remediation
Users can download the security update for this vulnerability via the Microsoft Update Catalog. Specific update details can be found in the Microsoft Knowledge Base articles KB5082200, KB5082052, KB5083769, KB5082063, KB5082142, and KB5082123.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.