#VU11739 Security Feature Bypass in Windows and Windows Server - CVE-2018-0966 

 

Published: April 10, 2018 / Updated: April 10, 2018


Vulnerability identifier: #VU11739
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2018-0966
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Windows
Windows Server
Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to bypass antimalware protection.

The vulnerability exists in Device Guard when processing files. A remote attacker can create a specially crafted file that appears to be signed for the application.

Successful exploitation of the vulnerability may allow an attacker to bypass Device Guard protection and execute a malicious file on the system.

Remediation

Install updates from the vendor's website.

External links