Enigma0X3

**Name of the Vulnerable Software and Affected Versions** Windows Server 2016 Windows 10 Windows 10 Servers **Description** A security feature bypass issue exists, allowing an attacker to inject malicious code into a Windows PowerShell session. This is related to an improperly implemented security check. The exploitation of this issue could enable a bypass of code integrity checks by injecting malicious code into a trusted PowerShell process. **Recommendations** For Windows Server 2016, Windows 10, and Windows 10 Servers, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the fixed version Windows 10 Servers versions prior to the fixed version Windows 10 versions prior to the fixed version **Description** A remote code execution issue exists due to the Windows Shell not properly validating file paths. This can be exploited by a remote attacker using a specially crafted file association to execute arbitrary code. The vulnerability is related to insufficient input validation in the SettingContent-ms file processing mechanism. **Recommendations** For Windows 10 Servers, update to a version that includes the fix for this issue. For Windows 10, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to specially crafted SettingContent-ms files to minimize the risk of exploitation. Avoid using the SettingContent-ms file association in sensitive operations until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined. **Description** A security-feature bypass issue allows attackers to affect the system. No additional details are provided about the nature of the issue, potential impacts, or the scope of affected devices. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer 11 **Description** A security feature bypass issue exists due to Internet Explorer's failure to validate User Mode Code Integrity (UMCI) policies. This could allow an attacker to bypass Device Guard UMCI policies. **Recommendations** For Internet Explorer 11, update to a version that includes the fix for this security feature bypass issue.

Name of the Vulnerable Software and Affected Versions: Windows 10 versions 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 Windows Server, version 1709 Description: A security feature bypass issue exists due to the way the Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) validates and enforces impersonation levels. This allows attackers to affect the system. Recommendations: For Windows 10 versions 10 Gold, 1511, 1607, 1703, and 1709: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For Windows Server 2016: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For Windows Server, version 1709: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows 10 versions 1703 through 1709 Windows Server, version 1709 Description: A security feature bypass issue exists due to the way objects are handled in memory. This allows attackers to affect the system. Recommendations: For Windows 10 versions 1703 through 1709, update to a version that includes the fix for this issue. For Windows Server, version 1709, update to a version that includes the fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer versions in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 **Description** A security issue exists due to Internet Explorer failing to validate User Mode Code Integrity (UMCI) policies, allowing an attacker to bypass Device Guard UMCI policies. **Recommendations** For Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, update Internet Explorer to a version that properly validates UMCI policies to prevent bypassing Device Guard policies.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined. **Description** A security-feature bypass issue allows attackers to affect the system. No additional details are provided about the nature of the issue, potential impacts, or the scope of affected devices. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions mentioned. **Description** A security-feature bypass issue allows attackers to affect the system. No further details are provided about the nature of the issue, potential impacts, or the scope of affected devices. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows 10 versions Gold, 1511, 1607 Microsoft Windows Server 2016 **Description** The issue allows remote attackers to modify PowerShell script without invalidating associated signatures. It exists due to insufficient input validation, which can be exploited by a local attacker to bypass certificate validation. This can affect the system. **Recommendations** For Microsoft Windows 10 versions Gold, 1511, 1607, and Windows Server 2016, at the moment, there is no information about a newer version that contains a fix for this vulnerability.