Device Guard Security Feature Bypass in Windows 10 and Server
CVE-2018-0827

5.3MEDIUM

Key Information:

Vendor
Microsoft
Status
Windows Scripting Host
Vendor
CVE Published:
15 February 2018

Summary

A security feature bypass vulnerability exists in the Windows Scripting Host, specifically affecting Windows 10 versions 1703 and 1709 as well as Windows Server version 1709. This vulnerability arises due to improper handling of certain objects in memory, which could allow an attacker to bypass the Device Guard security feature. Exploiting this flaw could compromise system integrity and potentially enable unauthorized access to sensitive functions within the Windows environment.

Affected Version(s)

Windows Scripting Host Windows 10 versions 1703 and 1709 and Windows Server, version 1709

References

http://www.securityfocus.com/bid/102927
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040373
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.