Security Feature Bypass in Windows Device Guard

Published: 2017-12-12 20:01:28
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
CVSSv2: 3.2 (AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
CVSSv3: 3.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE ID: CVE-2017-11899
CWE ID: CWE-310
Exploitation vector: Network
Public exploit: Not available
Vulnerable software: Windows, Windows Server
Vulnerable software versions: Windows 10, Windows Server 2016
Vendor URL: Microsoft
Advisory type: Public

Security Advisory

1) Security feature bypass

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists because Device Guard fails to correctly validate untrusted files. A remote attacker can create a specially crafted file and make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine that a file is non-malicious, it could then allow a malicious file to execute.

Remediation

Install updates from the vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11899
