Security restrictions bypass in Microsoft Internet Explorer - CVE-2017-8625
Published: August 8, 2017 / Updated: August 8, 2017
Vulnerability identifier: #VU7758
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-8625
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Microsoft Internet Explorer
Microsoft Internet Explorer
Detailed vulnerability description
The vulnerability allows a local attacker to bypass security restrictions on the target system.
The weakness exists due to improper validation of User Mode Code Integrity (UMCI) policies by Internet Explorer. A local attacker can run a specially crafted application to bypass Device Guard UCMI policies.
Successful exploitation of the vulnerability may result in further attacks.
The weakness exists due to improper validation of User Mode Code Integrity (UMCI) policies by Internet Explorer. A local attacker can run a specially crafted application to bypass Device Guard UCMI policies.
Successful exploitation of the vulnerability may result in further attacks.
How to mitigate CVE-2017-8625
Install updates from vendor's website.