Security Feature Bypass in Windows and Windows Server - CVE-2018-0966
Published: April 10, 2018 / Updated: April 10, 2018
Vulnerability identifier: #VU11739
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2018-0966
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass antimalware protection.
The vulnerability exists in Device Guard when processing files. A remote attacker can create a specially crafted file that appears to be signed for the application.
Successful exploitation of the vulnerability may allow an attacker to bypass Device Guard protection and execute a malicious file on the system.
How to mitigate CVE-2018-0966
Install updates from the vendor's website.