Security Feature Bypass in Windows Device Guard by Microsoft
CVE-2017-8746

5.3MEDIUM

Key Information:

Vendor
Microsoft
Status
Windows Device Guard
Vendor
CVE Published:
13 September 2017

Summary

A security feature bypass vulnerability exists in Windows Device Guard due to the way PowerShell interacts with user-supplied code. This flaw allows attackers to potentially bypass security protections that Device Guard offers, putting systems at risk. Systems running Windows 10 versions 1607 and 1703, as well as Windows Server 2016, are affected. Proper security practices and timely updates are crucial to protect against exploitation of this vulnerability.

Affected Version(s)

Windows Device Guard Windows 10 1607, 1703, and Windows Server 2016

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039340
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/100760
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.