CVE-2016-0188

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer 11 Windows (affected versions not specified)

Description The issue is related to a security feature bypass in the User Mode Code Integrity (UMCI) implementation of Device Guard in Microsoft Internet Explorer 11. This allows remote attackers to bypass a code-signing protection mechanism. Additionally, there is a component in the Windows operating system, specifically the Volume Manager Driver, that is vulnerable due to a lack of user validation for the RemoteFX RDP USB function, potentially allowing a local attacker to read arbitrary files from the disk.

Recommendations For Microsoft Internet Explorer 11, update the User Mode Code Integrity (UMCI) component to properly validate code integrity. For Windows, consider restricting access to the RemoteFX RDP USB function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability in Windows.