CVE-2017-0007

5.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Device Guard
Vendor: CVE Published:; 17 March 2017

Summary

Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures, aka "PowerShell Security Feature Bypass Vulnerability."

Affected Version(s)

Device Guard Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016

References

https://enigma0x3.net/2017/04/03/defeating-device-guard-a...

x_refsource_MISC

http://www.securityfocus.com/bid/96018

vdb-entryx_refsource_BID

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 17, 2017
Vulnerability Reserved
Sep 9, 2016

Collectors

NVD DatabaseMitre Database