SB2018061228 - Device Guard Code Integrity Policy bypass in Microsoft Windows
Published: June 12, 2018
Description
This security bulletin contains information about 8 security vulnerabilities.
1) Security feature bypass (CVE-ID: CVE-2018-8201)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because Device Guard allows a local user to inject malicious code into a Windows PowerShell session. A local attacker can bypass the Device Guard Code Integrity policy and execute arbitrary code on the target system with escalated privileges.
2) Security feature bypass (CVE-ID: CVE-2018-8212)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because Device Guard allows a local user to inject malicious code into a Windows PowerShell session. A local attacker can bypass the Device Guard Code Integrity policy and execute arbitrary code on the target system with escalated privileges.
3) Security feature bypass (CVE-ID: CVE-2018-8215)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because Device Guard allows a local user to inject malicious code into a Windows PowerShell session. A local attacker can bypass the Device Guard Code Integrity policy and execute arbitrary code on the target system with escalated privileges.
4) Security feature bypass (CVE-ID: CVE-2018-8216)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because Device Guard allows a local user to inject malicious code into a Windows PowerShell session. A local attacker can bypass the Device Guard Code Integrity policy and execute arbitrary code on the target system with escalated privileges.
5) Privilege escalation (CVE-ID: CVE-2018-8214)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to improper management of the virtual registry by the Windows Desktop Bridge. A local attacker can run a specially crafted application and run arbitrary code in kernel mode.
6) Security feature bypass (CVE-ID: CVE-2018-8217)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because Device Guard allows a local user to inject malicious code into a Windows PowerShell session. A local attacker can bypass the Device Guard Code Integrity policy and execute arbitrary code on the target system with escalated privileges.
7) Security feature bypass (CVE-ID: CVE-2018-8221)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because Device Guard allows a local user to inject malicious code into a Windows PowerShell session. A local attacker can bypass the Device Guard Code Integrity policy and execute arbitrary code on the target system with escalated privileges.
8) Security feature bypass (CVE-ID: CVE-2018-8211)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because Device Guard allows a local user to inject malicious code into a Windows PowerShell session. A local attacker can bypass the Device Guard Code Integrity policy and execute arbitrary code on the target system with escalated privileges.
Remediation
Install the update from the vendor's website.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8201
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8212
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8215
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8216
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8214
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8217
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8221
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8211