CVE-2017-11899

9.8CRITICAL

Key Information:

Vendor: Microsoft
Status: Device Guard
Vendor: CVE Published:; 12 December 2017

Summary

Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka "Microsoft Windows Security Feature Bypass Vulnerability".

Affected Version(s)

Device Guard Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1039992

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/102077

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 12, 2017
Vulnerability Reserved
Jul 31, 2017

Collectors

NVD DatabaseMitre Database

.