Security restrictions bypass in Device Guard in Windows

Published: 2017-09-12 23:05:38
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
CVSSv2: 3.4 (AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
CVSSv3: 3.5 [CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE ID: CVE-2017-8746
CWE ID: CWE-264
Exploitation vector: Local
Public exploit: Not available
Vulnerable software: Windows, Windows Server
Vulnerable software versions: Windows 10, Windows Server 2016
Vendor URL: Microsoft
Advisory type: Public

Security Advisory

1) Security restrictions bypass

Description

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The vulnerability exists due to an error in Device Guard. A local attacker can inject code into a PowerShell process that is trusted by the Code Integrity policy and thereby bypass the Device Guard Code Integrity policy on the local machine.

Remediation

Install updates from the vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8746
