Vulnerability identifier: #VU7758
Vulnerability risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Microsoft Internet Explorer
Client/Desktop applications /
Web browsers
Vendor: Microsoft
Description
The vulnerability allows a local attacker to bypass security restrictions on the target system.
The weakness exists due to improper validation of User Mode Code Integrity (UMCI) policies by Internet Explorer. A local attacker can run a specially crafted application to bypass Device Guard UCMI policies.
Successful exploitation of the vulnerability may result in further attacks.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Microsoft Internet Explorer: 11
External links
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8625
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.