Security restrictions bypass in Windows and Windows Server - CVE-2017-15361
Published: October 12, 2017 / Updated: October 18, 2017
Vulnerability identifier: #VU8810
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-15361
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Windows
Windows Server
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass security restrictions.
The weakness exists in certain Trusted Platform Module (TPM) chipsets due to unknown error. A remote attacker can cause the application to weaken key strength.
The weakness exists in certain Trusted Platform Module (TPM) chipsets due to unknown error. A remote attacker can cause the application to weaken key strength.
How to mitigate CVE-2017-15361
Microsoft hasn't released any patches addressing the vulnerability.
If your device is not from Microsoft, apply the firmware provided by the OEM.
If your device is not from Microsoft, apply the firmware provided by the OEM.