PT-2017-12292 · Microsoft · Device Guard+4

Published

2017-12-12

Updated

2019-10-03

CVE-2017-11899

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Windows 10 versions 1511 through 1709 Windows Server 2016 Windows Server, version 1709

Description A security feature bypass issue exists due to the handling of untrusted files by Device Guard. This allows attackers to affect the system.

Recommendations For Windows 10 versions 1511 through 1709, consider disabling Device Guard until a patch is available. For Windows Server 2016 and Windows Server, version 1709, restrict access to untrusted files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2017-11899

Affected Products

Device Guard

Windows

Windows 10

Windows Server

Windows Server 2016

PT-2017-12292 · Microsoft · Device Guard+4

CVE-2017-11899

Related Identifiers

Affected Products

References · 7