Security Feature Bypass in Windows 10 and Windows Server Products by Microsoft
CVE-2017-11899

9.8CRITICAL

Key Information:

Vendor
Microsoft
Status
Device Guard
Vendor
CVE Published:
12 December 2017

Summary

This vulnerability involves a flaw in the Device Guard feature of Windows 10 and Windows Server that allows unauthorized access due to improper handling of untrusted files. An attacker could exploit this flaw to bypass security features, potentially leading to unauthorized actions or access within the system.

Affected Version(s)

Device Guard Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039992
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/102077
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.