Security restrictions bypass in Windows Device Guard

Published: 2019-02-13 01:25:48
Severity Low
Patch available YES
Number of vulnerabilities 3
CVE ID CVE-2019-0627
CVE-2019-0632
CVE-2019-0631
CVSSv3 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-264
Exploitation vector Local
Public exploit N/A
Vulnerable software Windows
Windows Server
Vulnerable software versions Windows 10
Windows 10 1607
Windows 10 1703

Show more

Windows Server 2016
Windows Server 2019
Windows Server 1709
Windows Server 1803
Vendor URL Microsoft

Security Advisory

1) Permissions, Privileges, and Access Controls

Description

The vulnerability allows a local user to bypass certain security restrictions.

The vulnerability exists due to an error in Device Guard that can circumvent a User Mode Code Integrity (UMCI) policy on the machine. A local user can create a specially crafted program, bypass the User Mode Code Integrity policy and executed malicious application on the system.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0627

2) Permissions, Privileges, and Access Controls

Description

The vulnerability allows a local user to bypass certain security restrictions.

The vulnerability exists due to an error in Device Guard that can circumvent a User Mode Code Integrity (UMCI) policy on the machine. A local user can create a specially crafted program, bypass the User Mode Code Integrity policy and executed malicious application on the system.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0632

3) Permissions, Privileges, and Access Controls

Description

The vulnerability allows a local user to bypass certain security restrictions.

The vulnerability exists due to an error in Device Guard that can circumvent a User Mode Code Integrity (UMCI) policy on the machine. A local user can create a specially crafted program, bypass the User Mode Code Integrity policy and executed malicious application on the system.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0631

Back to List