CVE-2017-11823

6.7MEDIUM

Key Information:

Vendor: Microsoft
Status: Device Guard
Vendor: CVE Published:; 13 October 2017

Summary

The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass".

Affected Version(s)

Device Guard Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016

References

http://www.securitytracker.com/id/1039526

vdb-entryx_refsource_SECTRACK

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

https://www.exploit-db.com/exploits/42997/

exploitx_refsource_EXPLOIT-DB

EPSS Score

75% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 13, 2017
Vulnerability Reserved
Jul 31, 2017

Collectors

NVD DatabaseMitre Database